Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1301 (GCVE-0-2018-1301)
Vulnerability from cvelistv5 – Published: 2018-03-26 15:00 – Updated: 2024-09-16 17:22
VLAI
EPSS
Summary
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.
Severity
No CVSS data available.
CWE
- Possible out of bound access after failure in reading the HTTP request
Assigner
References
28 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.2.0 to 2.4.29
|
Date Public
2018-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:37.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3627-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3627-1/"
},
{
"name": "103515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103515"
},
{
"name": "[oss-security] 20180323 CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/2"
},
{
"name": "DSA-4164",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0004/"
},
{
"name": "RHSA-2018:3558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2019:0367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "USN-3627-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3627-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[debian-lts-announce] 20180530 [SECURITY] [DLA 1389-1] apache2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html"
},
{
"name": "RHSA-2019:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "1040573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040573"
},
{
"name": "USN-3937-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3937-2/"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.2.0 to 2.4.29"
}
]
}
],
"datePublic": "2018-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Possible out of bound access after failure in reading the HTTP request",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:11:15.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "USN-3627-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3627-1/"
},
{
"name": "103515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103515"
},
{
"name": "[oss-security] 20180323 CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/2"
},
{
"name": "DSA-4164",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0004/"
},
{
"name": "RHSA-2018:3558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2019:0367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "USN-3627-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3627-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[debian-lts-announce] 20180530 [SECURITY] [DLA 1389-1] apache2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html"
},
{
"name": "RHSA-2019:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "1040573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040573"
},
{
"name": "USN-3937-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3937-2/"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-03-23T00:00:00",
"ID": "CVE-2018-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.2.0 to 2.4.29"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Possible out of bound access after failure in reading the HTTP request"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3627-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3627-1/"
},
{
"name": "103515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103515"
},
{
"name": "[oss-security] 20180323 CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/2"
},
{
"name": "DSA-4164",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4164"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180601-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180601-0004/"
},
{
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "USN-3627-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3627-2/"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[debian-lts-announce] 20180530 [SECURITY] [DLA 1389-1] apache2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html"
},
{
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "1040573",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040573"
},
{
"name": "USN-3937-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3937-2/"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2019-09",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1301",
"datePublished": "2018-03-26T15:00:00.000Z",
"dateReserved": "2017-12-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:22:56.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-1301",
"date": "2026-05-29",
"epss": "0.07499",
"percentile": "0.91912"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-1301\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-03-26T15:29:00.430\",\"lastModified\":\"2024-11-21T03:59:34.537\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.\"},{\"lang\":\"es\",\"value\":\"Una petici\u00f3n especialmente manipulada podr\u00eda haber provocado el cierre inesperado del servidor Apache HTTP en versiones anteriores a la 2.4.30, debido a un acceso fuera de l\u00edmites tras alcanzar un l\u00edmite de tama\u00f1o mediante la lectura de una cabecera HTTP. Esta vulnerabilidad se considera cr\u00edtica si no es imposible desencadenarla en un modo que no sea de depuraci\u00f3n (tanto a nivel de log como de build), por lo que se clasifica como vulnerabilidad de riesgo bajo para un uso com\u00fan del servidor.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.4.29\",\"matchCriteriaId\":\"141CBF55-E282-4A6B-9A97-48941A85B723\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"8D305F7A-D159-4716-AB26-5E38BB5CD991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB15BCF1-1B1D-49D8-9B76-46DCB10044DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B7A6697-98CC-4E36-93DB-B7160F8399F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADFF451-740F-4DBA-BD23-3881945D3E40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FED6CAE-D97F-49E0-9D00-1642A3A427B4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041F9200-4C01-4187-AE34-240E8277B54D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB48767-F095-444F-9E05-D9AC345AB803\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F6FA12B-504C-4DBF-A32E-0548557AA2ED\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2018/03/24/2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103515\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040573\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0366\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3627-1/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3627-2/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3937-2/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4164\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-09\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2018/03/24/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103515\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3627-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3627-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3937-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SUSE-SU-2018:0879-1
Vulnerability from csaf_suse - Published: 2018-04-05 15:22 - Updated: 2018-04-05 15:22Summary
Security update for apache2
Severity
Important
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
* CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications
(SessionEnv on, not the default), a remote user may influence their content by
using a \'Session\' header leading to unexpected behavior [bsc#1086814].
* CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header,
a specially crafted request could lead to remote denial of service. [bsc#1086817]
* CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read
while preparing data to be cached in shared memory.[bsc#1086813]
* CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename,
rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774]
* CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent
reply attacks was not correctly generated using a pseudo-random seed.
In a cluster of servers using a common Digest authentication configuration,
HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775]
* CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,
uses the Accept-Language header value to lookup the right charset encoding when verifying the
user's credentials. If the header value is not present in the charset conversion table,
a fallback mechanism is used to truncate it to a two characters value to allow a quick retry
(for example, 'en-US' is truncated to 'en').
A header value of less than two characters forces an out of bound write of one NUL byte to a
memory location that is not part of the string. In the worst case, quite unlikely, the process
would crash which could be used as a Denial of Service attack. In the more likely case, this memory
is already reserved for future use and the issue has no effect at all. [bsc#1086820]
* gensslcert: fall back to 'localhost' as hostname [bsc#1057406]
Patchnames: SUSE-OpenStack-Cloud-6-2018-593,SUSE-SLE-SAP-12-SP1-2018-593,SUSE-SLE-SERVER-12-SP1-2018-593
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n\n * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications \n (SessionEnv on, not the default), a remote user may influence their content by \n using a \\\u0027Session\\\u0027 header leading to unexpected behavior [bsc#1086814].\n\n * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, \n a specially crafted request could lead to remote denial of service. [bsc#1086817]\n \n * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read \n while preparing data to be cached in shared memory.[bsc#1086813]\n \n * CVE-2017-15715: a regular expression could match \u0027$\u0027 to a newline character in a malicious filename, \n rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774]\n \n * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent \n reply attacks was not correctly generated using a pseudo-random seed. \n In a cluster of servers using a common Digest authentication configuration, \n HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775]\n \n * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, \n uses the Accept-Language header value to lookup the right charset encoding when verifying the \n user\u0027s credentials. If the header value is not present in the charset conversion table, \n a fallback mechanism is used to truncate it to a two characters value to allow a quick retry \n (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). \n A header value of less than two characters forces an out of bound write of one NUL byte to a \n memory location that is not part of the string. In the worst case, quite unlikely, the process \n would crash which could be used as a Denial of Service attack. In the more likely case, this memory \n is already reserved for future use and the issue has no effect at all. [bsc#1086820]\n \n * gensslcert: fall back to \u0027localhost\u0027 as hostname [bsc#1057406]\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-6-2018-593,SUSE-SLE-SAP-12-SP1-2018-593,SUSE-SLE-SERVER-12-SP1-2018-593",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0879-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0879-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180879-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0879-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-April/003875.html"
},
{
"category": "self",
"summary": "SUSE Bug 1057406",
"url": "https://bugzilla.suse.com/1057406"
},
{
"category": "self",
"summary": "SUSE Bug 1086774",
"url": "https://bugzilla.suse.com/1086774"
},
{
"category": "self",
"summary": "SUSE Bug 1086775",
"url": "https://bugzilla.suse.com/1086775"
},
{
"category": "self",
"summary": "SUSE Bug 1086813",
"url": "https://bugzilla.suse.com/1086813"
},
{
"category": "self",
"summary": "SUSE Bug 1086814",
"url": "https://bugzilla.suse.com/1086814"
},
{
"category": "self",
"summary": "SUSE Bug 1086817",
"url": "https://bugzilla.suse.com/1086817"
},
{
"category": "self",
"summary": "SUSE Bug 1086820",
"url": "https://bugzilla.suse.com/1086820"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15710 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15715 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1283 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1301 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1303 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1312 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1312/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2018-04-05T15:22:35Z",
"generator": {
"date": "2018-04-05T15:22:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0879-1",
"initial_release_date": "2018-04-05T15:22:35Z",
"revision_history": [
{
"date": "2018-04-05T15:22:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.16-20.16.1.noarch",
"product": {
"name": "apache2-doc-2.4.16-20.16.1.noarch",
"product_id": "apache2-doc-2.4.16-20.16.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.16-20.16.1.ppc64le",
"product": {
"name": "apache2-2.4.16-20.16.1.ppc64le",
"product_id": "apache2-2.4.16-20.16.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.16-20.16.1.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.16-20.16.1.ppc64le",
"product_id": "apache2-example-pages-2.4.16-20.16.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.16-20.16.1.ppc64le",
"product": {
"name": "apache2-prefork-2.4.16-20.16.1.ppc64le",
"product_id": "apache2-prefork-2.4.16-20.16.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.16-20.16.1.ppc64le",
"product": {
"name": "apache2-utils-2.4.16-20.16.1.ppc64le",
"product_id": "apache2-utils-2.4.16-20.16.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.16-20.16.1.ppc64le",
"product": {
"name": "apache2-worker-2.4.16-20.16.1.ppc64le",
"product_id": "apache2-worker-2.4.16-20.16.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.16-20.16.1.s390x",
"product": {
"name": "apache2-2.4.16-20.16.1.s390x",
"product_id": "apache2-2.4.16-20.16.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.16-20.16.1.s390x",
"product": {
"name": "apache2-example-pages-2.4.16-20.16.1.s390x",
"product_id": "apache2-example-pages-2.4.16-20.16.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.16-20.16.1.s390x",
"product": {
"name": "apache2-prefork-2.4.16-20.16.1.s390x",
"product_id": "apache2-prefork-2.4.16-20.16.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.16-20.16.1.s390x",
"product": {
"name": "apache2-utils-2.4.16-20.16.1.s390x",
"product_id": "apache2-utils-2.4.16-20.16.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.16-20.16.1.s390x",
"product": {
"name": "apache2-worker-2.4.16-20.16.1.s390x",
"product_id": "apache2-worker-2.4.16-20.16.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.16-20.16.1.x86_64",
"product": {
"name": "apache2-2.4.16-20.16.1.x86_64",
"product_id": "apache2-2.4.16-20.16.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.16-20.16.1.x86_64",
"product": {
"name": "apache2-example-pages-2.4.16-20.16.1.x86_64",
"product_id": "apache2-example-pages-2.4.16-20.16.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.16-20.16.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.16-20.16.1.x86_64",
"product_id": "apache2-prefork-2.4.16-20.16.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.16-20.16.1.x86_64",
"product": {
"name": "apache2-utils-2.4.16-20.16.1.x86_64",
"product_id": "apache2-utils-2.4.16-20.16.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.16-20.16.1.x86_64",
"product": {
"name": "apache2-worker-2.4.16-20.16.1.x86_64",
"product_id": "apache2-worker-2.4.16-20.16.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 6",
"product": {
"name": "SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-20.16.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.16-20.16.1.noarch as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch"
},
"product_reference": "apache2-doc-2.4.16-20.16.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-20.16.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-20.16.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-20.16.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-utils-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-20.16.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-worker-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-20.16.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le"
},
"product_reference": "apache2-2.4.16-20.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-20.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.16-20.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch"
},
"product_reference": "apache2-doc-2.4.16-20.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-20.16.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.16-20.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-20.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-20.16.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.16-20.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-20.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-20.16.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.16-20.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-20.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-utils-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-20.16.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.16-20.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-20.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-worker-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-20.16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le"
},
"product_reference": "apache2-2.4.16-20.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-20.16.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x"
},
"product_reference": "apache2-2.4.16-20.16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-20.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.16-20.16.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch"
},
"product_reference": "apache2-doc-2.4.16-20.16.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-20.16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.16-20.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-20.16.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.16-20.16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-20.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-20.16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.16-20.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-20.16.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x"
},
"product_reference": "apache2-prefork-2.4.16-20.16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-20.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-20.16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.16-20.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-20.16.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x"
},
"product_reference": "apache2-utils-2.4.16-20.16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-20.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-utils-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-20.16.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.16-20.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-20.16.1.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x"
},
"product_reference": "apache2-worker-2.4.16-20.16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-20.16.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64"
},
"product_reference": "apache2-worker-2.4.16-20.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15710"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user\u0027s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15710",
"url": "https://www.suse.com/security/cve/CVE-2017-15710"
},
{
"category": "external",
"summary": "SUSE Bug 1086776 for CVE-2017-15710",
"url": "https://bugzilla.suse.com/1086776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-05T15:22:35Z",
"details": "moderate"
}
],
"title": "CVE-2017-15710"
},
{
"cve": "CVE-2017-15715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15715"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in \u003cFilesMatch\u003e could match \u0027$\u0027 to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15715",
"url": "https://www.suse.com/security/cve/CVE-2017-15715"
},
{
"category": "external",
"summary": "SUSE Bug 1086774 for CVE-2017-15715",
"url": "https://bugzilla.suse.com/1086774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-05T15:22:35Z",
"details": "moderate"
}
],
"title": "CVE-2017-15715"
},
{
"cve": "CVE-2018-1283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1283"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1283",
"url": "https://www.suse.com/security/cve/CVE-2018-1283"
},
{
"category": "external",
"summary": "SUSE Bug 1086814 for CVE-2018-1283",
"url": "https://bugzilla.suse.com/1086814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-05T15:22:35Z",
"details": "important"
}
],
"title": "CVE-2018-1283"
},
{
"cve": "CVE-2018-1301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1301"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1301",
"url": "https://www.suse.com/security/cve/CVE-2018-1301"
},
{
"category": "external",
"summary": "SUSE Bug 1086817 for CVE-2018-1301",
"url": "https://bugzilla.suse.com/1086817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-05T15:22:35Z",
"details": "important"
}
],
"title": "CVE-2018-1301"
},
{
"cve": "CVE-2018-1303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1303"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1303",
"url": "https://www.suse.com/security/cve/CVE-2018-1303"
},
{
"category": "external",
"summary": "SUSE Bug 1086813 for CVE-2018-1303",
"url": "https://bugzilla.suse.com/1086813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-05T15:22:35Z",
"details": "important"
}
],
"title": "CVE-2018-1303"
},
{
"cve": "CVE-2018-1312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1312"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1312",
"url": "https://www.suse.com/security/cve/CVE-2018-1312"
},
{
"category": "external",
"summary": "SUSE Bug 1086775 for CVE-2018-1312",
"url": "https://bugzilla.suse.com/1086775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-doc-2.4.16-20.16.1.noarch",
"SUSE OpenStack Cloud 6:apache2-example-pages-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-prefork-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-utils-2.4.16-20.16.1.x86_64",
"SUSE OpenStack Cloud 6:apache2-worker-2.4.16-20.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-05T15:22:35Z",
"details": "moderate"
}
],
"title": "CVE-2018-1312"
}
]
}
SUSE-SU-2018:0901-1
Vulnerability from csaf_suse - Published: 2018-04-08 19:40 - Updated: 2018-04-08 19:40Summary
Security update for apache2
Severity
Important
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
* CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications
(SessionEnv on, not the default), a remote user may influence their content by
using a \'Session\' header leading to unexpected behavior [bsc#1086814].
* CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header,
a specially crafted request could lead to remote denial of service. [bsc#1086817]
* CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read
while preparing data to be cached in shared memory.[bsc#1086813]
* CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename,
rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774]
* CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent
reply attacks was not correctly generated using a pseudo-random seed.
In a cluster of servers using a common Digest authentication configuration,
HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775]
* CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,
uses the Accept-Language header value to lookup the right charset encoding when verifying the
user's credentials. If the header value is not present in the charset conversion table,
a fallback mechanism is used to truncate it to a two characters value to allow a quick retry
(for example, 'en-US' is truncated to 'en').
A header value of less than two characters forces an out of bound write of one NUL byte to a
memory location that is not part of the string. In the worst case, quite unlikely, the process
would crash which could be used as a Denial of Service attack. In the more likely case, this memory
is already reserved for future use and the issue has no effect at all. [bsc#1086820]
* gensslcert: fall back to 'localhost' as hostname [bsc#1057406]
Patchnames: SUSE-SLE-SERVER-12-2018-602
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n\n * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications \n (SessionEnv on, not the default), a remote user may influence their content by \n using a \\\u0027Session\\\u0027 header leading to unexpected behavior [bsc#1086814].\n\n * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, \n a specially crafted request could lead to remote denial of service. [bsc#1086817]\n \n * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read \n while preparing data to be cached in shared memory.[bsc#1086813]\n \n * CVE-2017-15715: a regular expression could match \u0027$\u0027 to a newline character in a malicious filename, \n rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774]\n \n * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent \n reply attacks was not correctly generated using a pseudo-random seed. \n In a cluster of servers using a common Digest authentication configuration, \n HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775]\n \n * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, \n uses the Accept-Language header value to lookup the right charset encoding when verifying the \n user\u0027s credentials. If the header value is not present in the charset conversion table, \n a fallback mechanism is used to truncate it to a two characters value to allow a quick retry \n (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). \n A header value of less than two characters forces an out of bound write of one NUL byte to a \n memory location that is not part of the string. In the worst case, quite unlikely, the process \n would crash which could be used as a Denial of Service attack. In the more likely case, this memory \n is already reserved for future use and the issue has no effect at all. [bsc#1086820]\n \n * gensslcert: fall back to \u0027localhost\u0027 as hostname [bsc#1057406]\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-2018-602",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0901-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0901-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180901-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0901-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-April/003877.html"
},
{
"category": "self",
"summary": "SUSE Bug 1057406",
"url": "https://bugzilla.suse.com/1057406"
},
{
"category": "self",
"summary": "SUSE Bug 1086774",
"url": "https://bugzilla.suse.com/1086774"
},
{
"category": "self",
"summary": "SUSE Bug 1086775",
"url": "https://bugzilla.suse.com/1086775"
},
{
"category": "self",
"summary": "SUSE Bug 1086813",
"url": "https://bugzilla.suse.com/1086813"
},
{
"category": "self",
"summary": "SUSE Bug 1086814",
"url": "https://bugzilla.suse.com/1086814"
},
{
"category": "self",
"summary": "SUSE Bug 1086817",
"url": "https://bugzilla.suse.com/1086817"
},
{
"category": "self",
"summary": "SUSE Bug 1086820",
"url": "https://bugzilla.suse.com/1086820"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15710 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15715 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1283 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1301 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1303 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1312 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1312/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2018-04-08T19:40:13Z",
"generator": {
"date": "2018-04-08T19:40:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0901-1",
"initial_release_date": "2018-04-08T19:40:13Z",
"revision_history": [
{
"date": "2018-04-08T19:40:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.10-14.31.1.noarch",
"product": {
"name": "apache2-doc-2.4.10-14.31.1.noarch",
"product_id": "apache2-doc-2.4.10-14.31.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.10-14.31.1.ppc64le",
"product": {
"name": "apache2-2.4.10-14.31.1.ppc64le",
"product_id": "apache2-2.4.10-14.31.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.10-14.31.1.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.10-14.31.1.ppc64le",
"product_id": "apache2-example-pages-2.4.10-14.31.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.10-14.31.1.ppc64le",
"product": {
"name": "apache2-prefork-2.4.10-14.31.1.ppc64le",
"product_id": "apache2-prefork-2.4.10-14.31.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.10-14.31.1.ppc64le",
"product": {
"name": "apache2-utils-2.4.10-14.31.1.ppc64le",
"product_id": "apache2-utils-2.4.10-14.31.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.10-14.31.1.ppc64le",
"product": {
"name": "apache2-worker-2.4.10-14.31.1.ppc64le",
"product_id": "apache2-worker-2.4.10-14.31.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.10-14.31.1.s390x",
"product": {
"name": "apache2-2.4.10-14.31.1.s390x",
"product_id": "apache2-2.4.10-14.31.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.10-14.31.1.s390x",
"product": {
"name": "apache2-example-pages-2.4.10-14.31.1.s390x",
"product_id": "apache2-example-pages-2.4.10-14.31.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.10-14.31.1.s390x",
"product": {
"name": "apache2-prefork-2.4.10-14.31.1.s390x",
"product_id": "apache2-prefork-2.4.10-14.31.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.10-14.31.1.s390x",
"product": {
"name": "apache2-utils-2.4.10-14.31.1.s390x",
"product_id": "apache2-utils-2.4.10-14.31.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.10-14.31.1.s390x",
"product": {
"name": "apache2-worker-2.4.10-14.31.1.s390x",
"product_id": "apache2-worker-2.4.10-14.31.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.10-14.31.1.x86_64",
"product": {
"name": "apache2-2.4.10-14.31.1.x86_64",
"product_id": "apache2-2.4.10-14.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.10-14.31.1.x86_64",
"product": {
"name": "apache2-example-pages-2.4.10-14.31.1.x86_64",
"product_id": "apache2-example-pages-2.4.10-14.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.10-14.31.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.10-14.31.1.x86_64",
"product_id": "apache2-prefork-2.4.10-14.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.10-14.31.1.x86_64",
"product": {
"name": "apache2-utils-2.4.10-14.31.1.x86_64",
"product_id": "apache2-utils-2.4.10-14.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.10-14.31.1.x86_64",
"product": {
"name": "apache2-worker-2.4.10-14.31.1.x86_64",
"product_id": "apache2-worker-2.4.10-14.31.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.10-14.31.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le"
},
"product_reference": "apache2-2.4.10-14.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.10-14.31.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x"
},
"product_reference": "apache2-2.4.10-14.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.10-14.31.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64"
},
"product_reference": "apache2-2.4.10-14.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.10-14.31.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch"
},
"product_reference": "apache2-doc-2.4.10-14.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.10-14.31.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.10-14.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.10-14.31.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.10-14.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.10-14.31.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.10-14.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.10-14.31.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.10-14.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.10-14.31.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x"
},
"product_reference": "apache2-prefork-2.4.10-14.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.10-14.31.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.10-14.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.10-14.31.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.10-14.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.10-14.31.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x"
},
"product_reference": "apache2-utils-2.4.10-14.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.10-14.31.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64"
},
"product_reference": "apache2-utils-2.4.10-14.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.10-14.31.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.10-14.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.10-14.31.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x"
},
"product_reference": "apache2-worker-2.4.10-14.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.10-14.31.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
},
"product_reference": "apache2-worker-2.4.10-14.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15710"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user\u0027s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15710",
"url": "https://www.suse.com/security/cve/CVE-2017-15710"
},
{
"category": "external",
"summary": "SUSE Bug 1086776 for CVE-2017-15710",
"url": "https://bugzilla.suse.com/1086776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-08T19:40:13Z",
"details": "moderate"
}
],
"title": "CVE-2017-15710"
},
{
"cve": "CVE-2017-15715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15715"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in \u003cFilesMatch\u003e could match \u0027$\u0027 to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15715",
"url": "https://www.suse.com/security/cve/CVE-2017-15715"
},
{
"category": "external",
"summary": "SUSE Bug 1086774 for CVE-2017-15715",
"url": "https://bugzilla.suse.com/1086774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-08T19:40:13Z",
"details": "moderate"
}
],
"title": "CVE-2017-15715"
},
{
"cve": "CVE-2018-1283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1283"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1283",
"url": "https://www.suse.com/security/cve/CVE-2018-1283"
},
{
"category": "external",
"summary": "SUSE Bug 1086814 for CVE-2018-1283",
"url": "https://bugzilla.suse.com/1086814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-08T19:40:13Z",
"details": "important"
}
],
"title": "CVE-2018-1283"
},
{
"cve": "CVE-2018-1301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1301"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1301",
"url": "https://www.suse.com/security/cve/CVE-2018-1301"
},
{
"category": "external",
"summary": "SUSE Bug 1086817 for CVE-2018-1301",
"url": "https://bugzilla.suse.com/1086817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-08T19:40:13Z",
"details": "important"
}
],
"title": "CVE-2018-1301"
},
{
"cve": "CVE-2018-1303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1303"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1303",
"url": "https://www.suse.com/security/cve/CVE-2018-1303"
},
{
"category": "external",
"summary": "SUSE Bug 1086813 for CVE-2018-1303",
"url": "https://bugzilla.suse.com/1086813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-08T19:40:13Z",
"details": "important"
}
],
"title": "CVE-2018-1303"
},
{
"cve": "CVE-2018-1312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1312"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1312",
"url": "https://www.suse.com/security/cve/CVE-2018-1312"
},
{
"category": "external",
"summary": "SUSE Bug 1086775 for CVE-2018-1312",
"url": "https://bugzilla.suse.com/1086775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.31.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.31.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-08T19:40:13Z",
"details": "moderate"
}
],
"title": "CVE-2018-1312"
}
]
}
SUSE-SU-2018:1079-1
Vulnerability from csaf_suse - Published: 2018-04-25 12:16 - Updated: 2018-04-25 12:16Summary
Security update for apache2
Severity
Moderate
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
- security update:
* CVE-2018-1301: Specially crafted requests, in debug mode, could lead to denial of service. [bsc#1086817]
* CVE-2017-15710: failure in the language fallback handling could lead to denial of service. [bsc#1086776]
* CVE-2018-1312: Seed wrongly generated could lead to replay attack in cluster environments. [bsc#1086775]
Patchnames: sdksp4-apache2-13573,slessp4-apache2-13573,slestso13-apache2-13573
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n- security update:\n * CVE-2018-1301: Specially crafted requests, in debug mode, could lead to denial of service. [bsc#1086817]\n * CVE-2017-15710: failure in the language fallback handling could lead to denial of service. [bsc#1086776]\n * CVE-2018-1312: Seed wrongly generated could lead to replay attack in cluster environments. [bsc#1086775]\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-apache2-13573,slessp4-apache2-13573,slestso13-apache2-13573",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1079-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1079-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181079-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1079-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-April/003962.html"
},
{
"category": "self",
"summary": "SUSE Bug 1086775",
"url": "https://bugzilla.suse.com/1086775"
},
{
"category": "self",
"summary": "SUSE Bug 1086776",
"url": "https://bugzilla.suse.com/1086776"
},
{
"category": "self",
"summary": "SUSE Bug 1086817",
"url": "https://bugzilla.suse.com/1086817"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15710 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1301 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1312 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1312/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2018-04-25T12:16:31Z",
"generator": {
"date": "2018-04-25T12:16:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1079-1",
"initial_release_date": "2018-04-25T12:16:31Z",
"revision_history": [
{
"date": "2018-04-25T12:16:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.2.34-70.15.1.i586",
"product": {
"name": "apache2-2.2.34-70.15.1.i586",
"product_id": "apache2-2.2.34-70.15.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.2.34-70.15.1.i586",
"product": {
"name": "apache2-devel-2.2.34-70.15.1.i586",
"product_id": "apache2-devel-2.2.34-70.15.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.34-70.15.1.i586",
"product": {
"name": "apache2-doc-2.2.34-70.15.1.i586",
"product_id": "apache2-doc-2.2.34-70.15.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.34-70.15.1.i586",
"product": {
"name": "apache2-example-pages-2.2.34-70.15.1.i586",
"product_id": "apache2-example-pages-2.2.34-70.15.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.34-70.15.1.i586",
"product": {
"name": "apache2-prefork-2.2.34-70.15.1.i586",
"product_id": "apache2-prefork-2.2.34-70.15.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.34-70.15.1.i586",
"product": {
"name": "apache2-utils-2.2.34-70.15.1.i586",
"product_id": "apache2-utils-2.2.34-70.15.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.34-70.15.1.i586",
"product": {
"name": "apache2-worker-2.2.34-70.15.1.i586",
"product_id": "apache2-worker-2.2.34-70.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.2.34-70.15.1.ia64",
"product": {
"name": "apache2-devel-2.2.34-70.15.1.ia64",
"product_id": "apache2-devel-2.2.34-70.15.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-2.2.34-70.15.1.ia64",
"product": {
"name": "apache2-2.2.34-70.15.1.ia64",
"product_id": "apache2-2.2.34-70.15.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.34-70.15.1.ia64",
"product": {
"name": "apache2-doc-2.2.34-70.15.1.ia64",
"product_id": "apache2-doc-2.2.34-70.15.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.34-70.15.1.ia64",
"product": {
"name": "apache2-example-pages-2.2.34-70.15.1.ia64",
"product_id": "apache2-example-pages-2.2.34-70.15.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.34-70.15.1.ia64",
"product": {
"name": "apache2-prefork-2.2.34-70.15.1.ia64",
"product_id": "apache2-prefork-2.2.34-70.15.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.34-70.15.1.ia64",
"product": {
"name": "apache2-utils-2.2.34-70.15.1.ia64",
"product_id": "apache2-utils-2.2.34-70.15.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.34-70.15.1.ia64",
"product": {
"name": "apache2-worker-2.2.34-70.15.1.ia64",
"product_id": "apache2-worker-2.2.34-70.15.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.2.34-70.15.1.ppc64",
"product": {
"name": "apache2-devel-2.2.34-70.15.1.ppc64",
"product_id": "apache2-devel-2.2.34-70.15.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-2.2.34-70.15.1.ppc64",
"product": {
"name": "apache2-2.2.34-70.15.1.ppc64",
"product_id": "apache2-2.2.34-70.15.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.34-70.15.1.ppc64",
"product": {
"name": "apache2-doc-2.2.34-70.15.1.ppc64",
"product_id": "apache2-doc-2.2.34-70.15.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.34-70.15.1.ppc64",
"product": {
"name": "apache2-example-pages-2.2.34-70.15.1.ppc64",
"product_id": "apache2-example-pages-2.2.34-70.15.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.34-70.15.1.ppc64",
"product": {
"name": "apache2-prefork-2.2.34-70.15.1.ppc64",
"product_id": "apache2-prefork-2.2.34-70.15.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.34-70.15.1.ppc64",
"product": {
"name": "apache2-utils-2.2.34-70.15.1.ppc64",
"product_id": "apache2-utils-2.2.34-70.15.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.34-70.15.1.ppc64",
"product": {
"name": "apache2-worker-2.2.34-70.15.1.ppc64",
"product_id": "apache2-worker-2.2.34-70.15.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.2.34-70.15.1.s390x",
"product": {
"name": "apache2-devel-2.2.34-70.15.1.s390x",
"product_id": "apache2-devel-2.2.34-70.15.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-2.2.34-70.15.1.s390x",
"product": {
"name": "apache2-2.2.34-70.15.1.s390x",
"product_id": "apache2-2.2.34-70.15.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.34-70.15.1.s390x",
"product": {
"name": "apache2-doc-2.2.34-70.15.1.s390x",
"product_id": "apache2-doc-2.2.34-70.15.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.34-70.15.1.s390x",
"product": {
"name": "apache2-example-pages-2.2.34-70.15.1.s390x",
"product_id": "apache2-example-pages-2.2.34-70.15.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.34-70.15.1.s390x",
"product": {
"name": "apache2-prefork-2.2.34-70.15.1.s390x",
"product_id": "apache2-prefork-2.2.34-70.15.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.34-70.15.1.s390x",
"product": {
"name": "apache2-utils-2.2.34-70.15.1.s390x",
"product_id": "apache2-utils-2.2.34-70.15.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.34-70.15.1.s390x",
"product": {
"name": "apache2-worker-2.2.34-70.15.1.s390x",
"product_id": "apache2-worker-2.2.34-70.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.2.34-70.15.1.x86_64",
"product": {
"name": "apache2-2.2.34-70.15.1.x86_64",
"product_id": "apache2-2.2.34-70.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.2.34-70.15.1.x86_64",
"product": {
"name": "apache2-devel-2.2.34-70.15.1.x86_64",
"product_id": "apache2-devel-2.2.34-70.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.34-70.15.1.x86_64",
"product": {
"name": "apache2-doc-2.2.34-70.15.1.x86_64",
"product_id": "apache2-doc-2.2.34-70.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.34-70.15.1.x86_64",
"product": {
"name": "apache2-example-pages-2.2.34-70.15.1.x86_64",
"product_id": "apache2-example-pages-2.2.34-70.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.34-70.15.1.x86_64",
"product": {
"name": "apache2-prefork-2.2.34-70.15.1.x86_64",
"product_id": "apache2-prefork-2.2.34-70.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.34-70.15.1.x86_64",
"product": {
"name": "apache2-utils-2.2.34-70.15.1.x86_64",
"product_id": "apache2-utils-2.2.34-70.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.34-70.15.1.x86_64",
"product": {
"name": "apache2-worker-2.2.34-70.15.1.x86_64",
"product_id": "apache2-worker-2.2.34-70.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-devel-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-devel-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-devel-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-devel-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-devel-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-doc-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-doc-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-example-pages-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-example-pages-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-prefork-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-prefork-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-utils-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-utils-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-worker-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-worker-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-doc-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-doc-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-doc-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-doc-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-doc-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-example-pages-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-example-pages-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-example-pages-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-example-pages-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-example-pages-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-prefork-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-prefork-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-prefork-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-prefork-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-prefork-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-utils-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-utils-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-utils-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-utils-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-utils-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-worker-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-worker-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-worker-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-worker-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-worker-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-doc-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-doc-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-doc-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-doc-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-doc-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-example-pages-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-example-pages-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-example-pages-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-example-pages-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-example-pages-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-prefork-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-prefork-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-prefork-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-prefork-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-prefork-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-utils-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-utils-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-utils-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-utils-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-utils-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.15.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586"
},
"product_reference": "apache2-worker-2.2.34-70.15.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.15.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64"
},
"product_reference": "apache2-worker-2.2.34-70.15.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.15.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64"
},
"product_reference": "apache2-worker-2.2.34-70.15.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x"
},
"product_reference": "apache2-worker-2.2.34-70.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.34-70.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-worker-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.34-70.15.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64"
},
"product_reference": "apache2-devel-2.2.34-70.15.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15710"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user\u0027s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15710",
"url": "https://www.suse.com/security/cve/CVE-2017-15710"
},
{
"category": "external",
"summary": "SUSE Bug 1086776 for CVE-2017-15710",
"url": "https://bugzilla.suse.com/1086776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-25T12:16:31Z",
"details": "moderate"
}
],
"title": "CVE-2017-15710"
},
{
"cve": "CVE-2018-1301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1301"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1301",
"url": "https://www.suse.com/security/cve/CVE-2018-1301"
},
{
"category": "external",
"summary": "SUSE Bug 1086817 for CVE-2018-1301",
"url": "https://bugzilla.suse.com/1086817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-25T12:16:31Z",
"details": "important"
}
],
"title": "CVE-2018-1301"
},
{
"cve": "CVE-2018-1312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1312"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1312",
"url": "https://www.suse.com/security/cve/CVE-2018-1312"
},
{
"category": "external",
"summary": "SUSE Bug 1086775 for CVE-2018-1312",
"url": "https://bugzilla.suse.com/1086775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.34-70.15.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.34-70.15.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.34-70.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-04-25T12:16:31Z",
"details": "moderate"
}
],
"title": "CVE-2018-1312"
}
]
}
SUSE-SU-2018:1161-1
Vulnerability from csaf_suse - Published: 2018-05-07 12:56 - Updated: 2018-05-07 12:56Summary
Security update for apache2
Severity
Moderate
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
* CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications
(SessionEnv on, not the default), a remote user may influence their content by
using a \'Session\' header leading to unexpected behavior [bsc#1086814].
* CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header,
a specially crafted request could lead to remote denial of service. [bsc#1086817]
* CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read
while preparing data to be cached in shared memory.[bsc#1086813]
* CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename,
rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774]
* CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent
reply attacks was not correctly generated using a pseudo-random seed.
In a cluster of servers using a common Digest authentication configuration,
HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775]
* CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,
uses the Accept-Language header value to lookup the right charset encoding when verifying the
user's credentials. If the header value is not present in the charset conversion table,
a fallback mechanism is used to truncate it to a two characters value to allow a quick retry
(for example, 'en-US' is truncated to 'en').
A header value of less than two characters forces an out of bound write of one NUL byte to a
memory location that is not part of the string. In the worst case, quite unlikely, the process
would crash which could be used as a Denial of Service attack. In the more likely case, this memory
is already reserved for future use and the issue has no effect at all. [bsc#1086820]
* CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it
could have written a NULL pointer potentially to an already freed memory.
The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations,
the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
[bsc#1086820]
Patchnames: SUSE-OpenStack-Cloud-7-2018-803,SUSE-SLE-SAP-12-SP2-2018-803,SUSE-SLE-SDK-12-SP3-2018-803,SUSE-SLE-SERVER-12-SP2-2018-803,SUSE-SLE-SERVER-12-SP3-2018-803
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
79 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
79 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
79 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
79 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
79 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
79 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
79 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications \n (SessionEnv on, not the default), a remote user may influence their content by \n using a \\\u0027Session\\\u0027 header leading to unexpected behavior [bsc#1086814].\n\n * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, \n a specially crafted request could lead to remote denial of service. [bsc#1086817]\n \n * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read \n while preparing data to be cached in shared memory.[bsc#1086813]\n \n * CVE-2017-15715: a regular expression could match \u0027$\u0027 to a newline character in a malicious filename, \n rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774]\n \n * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent \n reply attacks was not correctly generated using a pseudo-random seed. \n In a cluster of servers using a common Digest authentication configuration, \n HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775]\n \n * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, \n uses the Accept-Language header value to lookup the right charset encoding when verifying the \n user\u0027s credentials. If the header value is not present in the charset conversion table, \n a fallback mechanism is used to truncate it to a two characters value to allow a quick retry \n (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). \n A header value of less than two characters forces an out of bound write of one NUL byte to a \n memory location that is not part of the string. In the worst case, quite unlikely, the process \n would crash which could be used as a Denial of Service attack. In the more likely case, this memory \n is already reserved for future use and the issue has no effect at all. [bsc#1086820]\n \n * CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it \n could have written a NULL pointer potentially to an already freed memory. \n The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, \n the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. \n [bsc#1086820]\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-7-2018-803,SUSE-SLE-SAP-12-SP2-2018-803,SUSE-SLE-SDK-12-SP3-2018-803,SUSE-SLE-SERVER-12-SP2-2018-803,SUSE-SLE-SERVER-12-SP3-2018-803",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1161-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1161-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181161-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1161-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/003974.html"
},
{
"category": "self",
"summary": "SUSE Bug 1086774",
"url": "https://bugzilla.suse.com/1086774"
},
{
"category": "self",
"summary": "SUSE Bug 1086775",
"url": "https://bugzilla.suse.com/1086775"
},
{
"category": "self",
"summary": "SUSE Bug 1086813",
"url": "https://bugzilla.suse.com/1086813"
},
{
"category": "self",
"summary": "SUSE Bug 1086814",
"url": "https://bugzilla.suse.com/1086814"
},
{
"category": "self",
"summary": "SUSE Bug 1086817",
"url": "https://bugzilla.suse.com/1086817"
},
{
"category": "self",
"summary": "SUSE Bug 1086820",
"url": "https://bugzilla.suse.com/1086820"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15710 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15715 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1283 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1301 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1302 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1303 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1312 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1312/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2018-05-07T12:56:41Z",
"generator": {
"date": "2018-05-07T12:56:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1161-1",
"initial_release_date": "2018-05-07T12:56:41Z",
"revision_history": [
{
"date": "2018-05-07T12:56:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.18.2.aarch64",
"product": {
"name": "apache2-devel-2.4.23-29.18.2.aarch64",
"product_id": "apache2-devel-2.4.23-29.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-29.18.2.aarch64",
"product": {
"name": "apache2-2.4.23-29.18.2.aarch64",
"product_id": "apache2-2.4.23-29.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.18.2.aarch64",
"product": {
"name": "apache2-example-pages-2.4.23-29.18.2.aarch64",
"product_id": "apache2-example-pages-2.4.23-29.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.18.2.aarch64",
"product": {
"name": "apache2-prefork-2.4.23-29.18.2.aarch64",
"product_id": "apache2-prefork-2.4.23-29.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.18.2.aarch64",
"product": {
"name": "apache2-utils-2.4.23-29.18.2.aarch64",
"product_id": "apache2-utils-2.4.23-29.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.18.2.aarch64",
"product": {
"name": "apache2-worker-2.4.23-29.18.2.aarch64",
"product_id": "apache2-worker-2.4.23-29.18.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.23-29.18.2.noarch",
"product": {
"name": "apache2-doc-2.4.23-29.18.2.noarch",
"product_id": "apache2-doc-2.4.23-29.18.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.23-29.18.2.ppc64le",
"product": {
"name": "apache2-2.4.23-29.18.2.ppc64le",
"product_id": "apache2-2.4.23-29.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.18.2.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.23-29.18.2.ppc64le",
"product_id": "apache2-example-pages-2.4.23-29.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.18.2.ppc64le",
"product": {
"name": "apache2-prefork-2.4.23-29.18.2.ppc64le",
"product_id": "apache2-prefork-2.4.23-29.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.18.2.ppc64le",
"product": {
"name": "apache2-utils-2.4.23-29.18.2.ppc64le",
"product_id": "apache2-utils-2.4.23-29.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.18.2.ppc64le",
"product": {
"name": "apache2-worker-2.4.23-29.18.2.ppc64le",
"product_id": "apache2-worker-2.4.23-29.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.18.2.ppc64le",
"product": {
"name": "apache2-devel-2.4.23-29.18.2.ppc64le",
"product_id": "apache2-devel-2.4.23-29.18.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.18.2.s390x",
"product": {
"name": "apache2-devel-2.4.23-29.18.2.s390x",
"product_id": "apache2-devel-2.4.23-29.18.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-29.18.2.s390x",
"product": {
"name": "apache2-2.4.23-29.18.2.s390x",
"product_id": "apache2-2.4.23-29.18.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.18.2.s390x",
"product": {
"name": "apache2-example-pages-2.4.23-29.18.2.s390x",
"product_id": "apache2-example-pages-2.4.23-29.18.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.18.2.s390x",
"product": {
"name": "apache2-prefork-2.4.23-29.18.2.s390x",
"product_id": "apache2-prefork-2.4.23-29.18.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.18.2.s390x",
"product": {
"name": "apache2-utils-2.4.23-29.18.2.s390x",
"product_id": "apache2-utils-2.4.23-29.18.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.18.2.s390x",
"product": {
"name": "apache2-worker-2.4.23-29.18.2.s390x",
"product_id": "apache2-worker-2.4.23-29.18.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-2.4.23-29.18.2.x86_64",
"product_id": "apache2-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"product_id": "apache2-example-pages-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64",
"product_id": "apache2-prefork-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64",
"product_id": "apache2-utils-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64",
"product_id": "apache2-worker-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-devel-2.4.23-29.18.2.x86_64",
"product_id": "apache2-devel-2.4.23-29.18.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.18.2.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.18.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.18.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.18.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-devel-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-devel-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-devel-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-devel-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.18.2.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.18.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.18.2.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.18.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.18.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.18.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15710"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user\u0027s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15710",
"url": "https://www.suse.com/security/cve/CVE-2017-15710"
},
{
"category": "external",
"summary": "SUSE Bug 1086776 for CVE-2017-15710",
"url": "https://bugzilla.suse.com/1086776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "moderate"
}
],
"title": "CVE-2017-15710"
},
{
"cve": "CVE-2017-15715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15715"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in \u003cFilesMatch\u003e could match \u0027$\u0027 to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15715",
"url": "https://www.suse.com/security/cve/CVE-2017-15715"
},
{
"category": "external",
"summary": "SUSE Bug 1086774 for CVE-2017-15715",
"url": "https://bugzilla.suse.com/1086774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "moderate"
}
],
"title": "CVE-2017-15715"
},
{
"cve": "CVE-2018-1283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1283"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1283",
"url": "https://www.suse.com/security/cve/CVE-2018-1283"
},
{
"category": "external",
"summary": "SUSE Bug 1086814 for CVE-2018-1283",
"url": "https://bugzilla.suse.com/1086814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "important"
}
],
"title": "CVE-2018-1283"
},
{
"cve": "CVE-2018-1301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1301"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1301",
"url": "https://www.suse.com/security/cve/CVE-2018-1301"
},
{
"category": "external",
"summary": "SUSE Bug 1086817 for CVE-2018-1301",
"url": "https://bugzilla.suse.com/1086817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "important"
}
],
"title": "CVE-2018-1301"
},
{
"cve": "CVE-2018-1302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1302"
}
],
"notes": [
{
"category": "general",
"text": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1302",
"url": "https://www.suse.com/security/cve/CVE-2018-1302"
},
{
"category": "external",
"summary": "SUSE Bug 1086820 for CVE-2018-1302",
"url": "https://bugzilla.suse.com/1086820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "moderate"
}
],
"title": "CVE-2018-1302"
},
{
"cve": "CVE-2018-1303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1303"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1303",
"url": "https://www.suse.com/security/cve/CVE-2018-1303"
},
{
"category": "external",
"summary": "SUSE Bug 1086813 for CVE-2018-1303",
"url": "https://bugzilla.suse.com/1086813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "important"
}
],
"title": "CVE-2018-1303"
},
{
"cve": "CVE-2018-1312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1312"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1312",
"url": "https://www.suse.com/security/cve/CVE-2018-1312"
},
{
"category": "external",
"summary": "SUSE Bug 1086775 for CVE-2018-1312",
"url": "https://bugzilla.suse.com/1086775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "moderate"
}
],
"title": "CVE-2018-1312"
}
]
}
SUSE-SU-2018:1161-2
Vulnerability from csaf_suse - Published: 2018-10-18 12:42 - Updated: 2018-10-18 12:42Summary
Security update for apache2
Severity
Moderate
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
* CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications
(SessionEnv on, not the default), a remote user may influence their content by
using a \'Session\' header leading to unexpected behavior [bsc#1086814].
* CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header,
a specially crafted request could lead to remote denial of service. [bsc#1086817]
* CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read
while preparing data to be cached in shared memory.[bsc#1086813]
* CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename,
rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774]
* CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent
reply attacks was not correctly generated using a pseudo-random seed.
In a cluster of servers using a common Digest authentication configuration,
HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775]
* CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,
uses the Accept-Language header value to lookup the right charset encoding when verifying the
user's credentials. If the header value is not present in the charset conversion table,
a fallback mechanism is used to truncate it to a two characters value to allow a quick retry
(for example, 'en-US' is truncated to 'en').
A header value of less than two characters forces an out of bound write of one NUL byte to a
memory location that is not part of the string. In the worst case, quite unlikely, the process
would crash which could be used as a Denial of Service attack. In the more likely case, this memory
is already reserved for future use and the issue has no effect at all. [bsc#1086820]
* CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it
could have written a NULL pointer potentially to an already freed memory.
The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations,
the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
[bsc#1086820]
Patchnames: SUSE-SLE-SERVER-12-SP2-BCL-2018-803
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications \n (SessionEnv on, not the default), a remote user may influence their content by \n using a \\\u0027Session\\\u0027 header leading to unexpected behavior [bsc#1086814].\n\n * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, \n a specially crafted request could lead to remote denial of service. [bsc#1086817]\n \n * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read \n while preparing data to be cached in shared memory.[bsc#1086813]\n \n * CVE-2017-15715: a regular expression could match \u0027$\u0027 to a newline character in a malicious filename, \n rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774]\n \n * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent \n reply attacks was not correctly generated using a pseudo-random seed. \n In a cluster of servers using a common Digest authentication configuration, \n HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775]\n \n * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, \n uses the Accept-Language header value to lookup the right charset encoding when verifying the \n user\u0027s credentials. If the header value is not present in the charset conversion table, \n a fallback mechanism is used to truncate it to a two characters value to allow a quick retry \n (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). \n A header value of less than two characters forces an out of bound write of one NUL byte to a \n memory location that is not part of the string. In the worst case, quite unlikely, the process \n would crash which could be used as a Denial of Service attack. In the more likely case, this memory \n is already reserved for future use and the issue has no effect at all. [bsc#1086820]\n \n * CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it \n could have written a NULL pointer potentially to an already freed memory. \n The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, \n the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. \n [bsc#1086820]\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-SP2-BCL-2018-803",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1161-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1161-2",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181161-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1161-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004700.html"
},
{
"category": "self",
"summary": "SUSE Bug 1086774",
"url": "https://bugzilla.suse.com/1086774"
},
{
"category": "self",
"summary": "SUSE Bug 1086775",
"url": "https://bugzilla.suse.com/1086775"
},
{
"category": "self",
"summary": "SUSE Bug 1086813",
"url": "https://bugzilla.suse.com/1086813"
},
{
"category": "self",
"summary": "SUSE Bug 1086814",
"url": "https://bugzilla.suse.com/1086814"
},
{
"category": "self",
"summary": "SUSE Bug 1086817",
"url": "https://bugzilla.suse.com/1086817"
},
{
"category": "self",
"summary": "SUSE Bug 1086820",
"url": "https://bugzilla.suse.com/1086820"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15710 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15715 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1283 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1301 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1302 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1303 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1312 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1312/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2018-10-18T12:42:54Z",
"generator": {
"date": "2018-10-18T12:42:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1161-2",
"initial_release_date": "2018-10-18T12:42:54Z",
"revision_history": [
{
"date": "2018-10-18T12:42:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.23-29.18.2.noarch",
"product": {
"name": "apache2-doc-2.4.23-29.18.2.noarch",
"product_id": "apache2-doc-2.4.23-29.18.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-2.4.23-29.18.2.x86_64",
"product_id": "apache2-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"product_id": "apache2-example-pages-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64",
"product_id": "apache2-prefork-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64",
"product_id": "apache2-utils-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64",
"product_id": "apache2-worker-2.4.23-29.18.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.18.2.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.18.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15710"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user\u0027s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15710",
"url": "https://www.suse.com/security/cve/CVE-2017-15710"
},
{
"category": "external",
"summary": "SUSE Bug 1086776 for CVE-2017-15710",
"url": "https://bugzilla.suse.com/1086776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "moderate"
}
],
"title": "CVE-2017-15710"
},
{
"cve": "CVE-2017-15715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15715"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in \u003cFilesMatch\u003e could match \u0027$\u0027 to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15715",
"url": "https://www.suse.com/security/cve/CVE-2017-15715"
},
{
"category": "external",
"summary": "SUSE Bug 1086774 for CVE-2017-15715",
"url": "https://bugzilla.suse.com/1086774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "moderate"
}
],
"title": "CVE-2017-15715"
},
{
"cve": "CVE-2018-1283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1283"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1283",
"url": "https://www.suse.com/security/cve/CVE-2018-1283"
},
{
"category": "external",
"summary": "SUSE Bug 1086814 for CVE-2018-1283",
"url": "https://bugzilla.suse.com/1086814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "important"
}
],
"title": "CVE-2018-1283"
},
{
"cve": "CVE-2018-1301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1301"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1301",
"url": "https://www.suse.com/security/cve/CVE-2018-1301"
},
{
"category": "external",
"summary": "SUSE Bug 1086817 for CVE-2018-1301",
"url": "https://bugzilla.suse.com/1086817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "important"
}
],
"title": "CVE-2018-1301"
},
{
"cve": "CVE-2018-1302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1302"
}
],
"notes": [
{
"category": "general",
"text": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1302",
"url": "https://www.suse.com/security/cve/CVE-2018-1302"
},
{
"category": "external",
"summary": "SUSE Bug 1086820 for CVE-2018-1302",
"url": "https://bugzilla.suse.com/1086820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-1302"
},
{
"cve": "CVE-2018-1303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1303"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1303",
"url": "https://www.suse.com/security/cve/CVE-2018-1303"
},
{
"category": "external",
"summary": "SUSE Bug 1086813 for CVE-2018-1303",
"url": "https://bugzilla.suse.com/1086813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "important"
}
],
"title": "CVE-2018-1303"
},
{
"cve": "CVE-2018-1312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1312"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1312",
"url": "https://www.suse.com/security/cve/CVE-2018-1312"
},
{
"category": "external",
"summary": "SUSE Bug 1086775 for CVE-2018-1312",
"url": "https://bugzilla.suse.com/1086775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-1312"
}
]
}
WID-SEC-W-2023-1594
Vulnerability from csaf_certbund - Published: 2023-06-28 22:00 - Updated: 2023-06-28 22:00Summary
IBM Tivoli Network Manager: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM Tivoli Network Manager ist eine Netzanalysesoftware für das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.
Angriff: Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
- Sonstiges
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Berechtigungen.
References
54 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Tivoli Network Manager ist eine Netzanalysesoftware f\u00fcr das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1594 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1594.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1594 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1594"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/885316"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/884276"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/883428"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/883424"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/882926"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/882898"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/882888"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/880403"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/880401"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/880395"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/879855"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/879841"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870546"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870526"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870508"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870504"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870500"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/870498"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/743933"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739297"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739271"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739249"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739247"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739245"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/739243"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/738231"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/731931"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730883"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730871"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730845"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730835"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/730171"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/720307"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/720283"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/720265"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/718745"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717345"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717335"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717327"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/717007"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/716573"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/712213"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/712199"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/570557"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/569765"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/569727"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/569717"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/305321"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/304091"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/304089"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/303663"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2023-06-28",
"url": "https://www.ibm.com/support/pages/node/303657"
}
],
"source_lang": "en-US",
"title": "IBM Tivoli Network Manager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-06-28T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:53:31.776+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1594",
"initial_release_date": "2023-06-28T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-28T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 5",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 5",
"product_id": "T028343",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_5"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9",
"product_id": "T028344",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.1.1",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.1.1",
"product_id": "T028345",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.1.1"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.2",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 4.2",
"product_id": "T028346",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.2"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.4",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.4",
"product_id": "T028347",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.4"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.5",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.5",
"product_id": "T028348",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.5"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 4",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 4",
"product_id": "T028349",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_4"
}
}
}
],
"category": "product_name",
"name": "Tivoli Network Manager"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-4046",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-4046"
},
{
"cve": "CVE-2019-4030",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-4030"
},
{
"cve": "CVE-2019-2684",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2684"
},
{
"cve": "CVE-2019-2602",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2602"
},
{
"cve": "CVE-2019-2537",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2537"
},
{
"cve": "CVE-2019-2534",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2534"
},
{
"cve": "CVE-2019-2531",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2531"
},
{
"cve": "CVE-2019-2529",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2529"
},
{
"cve": "CVE-2019-2503",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2503"
},
{
"cve": "CVE-2019-2482",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2482"
},
{
"cve": "CVE-2019-2481",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2481"
},
{
"cve": "CVE-2019-2455",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-2455"
},
{
"cve": "CVE-2019-1559",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-1559"
},
{
"cve": "CVE-2019-0220",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2019-0220"
},
{
"cve": "CVE-2018-8039",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-8039"
},
{
"cve": "CVE-2018-5407",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-5407"
},
{
"cve": "CVE-2018-3282",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3282"
},
{
"cve": "CVE-2018-3278",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3278"
},
{
"cve": "CVE-2018-3276",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3276"
},
{
"cve": "CVE-2018-3251",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3251"
},
{
"cve": "CVE-2018-3247",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3247"
},
{
"cve": "CVE-2018-3174",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3174"
},
{
"cve": "CVE-2018-3156",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3156"
},
{
"cve": "CVE-2018-3143",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3143"
},
{
"cve": "CVE-2018-3123",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3123"
},
{
"cve": "CVE-2018-3084",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3084"
},
{
"cve": "CVE-2018-3082",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3082"
},
{
"cve": "CVE-2018-3081",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3081"
},
{
"cve": "CVE-2018-3080",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3080"
},
{
"cve": "CVE-2018-3079",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3079"
},
{
"cve": "CVE-2018-3078",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3078"
},
{
"cve": "CVE-2018-3077",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3077"
},
{
"cve": "CVE-2018-3075",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3075"
},
{
"cve": "CVE-2018-3074",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3074"
},
{
"cve": "CVE-2018-3073",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3073"
},
{
"cve": "CVE-2018-3071",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3071"
},
{
"cve": "CVE-2018-3070",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3070"
},
{
"cve": "CVE-2018-3067",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3067"
},
{
"cve": "CVE-2018-3066",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3066"
},
{
"cve": "CVE-2018-3065",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3065"
},
{
"cve": "CVE-2018-3064",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3064"
},
{
"cve": "CVE-2018-3063",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3063"
},
{
"cve": "CVE-2018-3062",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3062"
},
{
"cve": "CVE-2018-3061",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3061"
},
{
"cve": "CVE-2018-3060",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3060"
},
{
"cve": "CVE-2018-3058",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3058"
},
{
"cve": "CVE-2018-3056",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3056"
},
{
"cve": "CVE-2018-3054",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-3054"
},
{
"cve": "CVE-2018-2877",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2877"
},
{
"cve": "CVE-2018-2846",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2846"
},
{
"cve": "CVE-2018-2839",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2839"
},
{
"cve": "CVE-2018-2819",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2819"
},
{
"cve": "CVE-2018-2818",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2818"
},
{
"cve": "CVE-2018-2817",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2817"
},
{
"cve": "CVE-2018-2816",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2816"
},
{
"cve": "CVE-2018-2813",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2813"
},
{
"cve": "CVE-2018-2812",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2812"
},
{
"cve": "CVE-2018-2810",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2810"
},
{
"cve": "CVE-2018-2805",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2805"
},
{
"cve": "CVE-2018-2787",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2787"
},
{
"cve": "CVE-2018-2786",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2786"
},
{
"cve": "CVE-2018-2784",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2784"
},
{
"cve": "CVE-2018-2782",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2782"
},
{
"cve": "CVE-2018-2781",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2781"
},
{
"cve": "CVE-2018-2780",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2780"
},
{
"cve": "CVE-2018-2779",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2779"
},
{
"cve": "CVE-2018-2778",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2778"
},
{
"cve": "CVE-2018-2777",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2777"
},
{
"cve": "CVE-2018-2776",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2776"
},
{
"cve": "CVE-2018-2775",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2775"
},
{
"cve": "CVE-2018-2773",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2773"
},
{
"cve": "CVE-2018-2771",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2771"
},
{
"cve": "CVE-2018-2769",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2769"
},
{
"cve": "CVE-2018-2766",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2766"
},
{
"cve": "CVE-2018-2762",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2762"
},
{
"cve": "CVE-2018-2761",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2761"
},
{
"cve": "CVE-2018-2759",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2759"
},
{
"cve": "CVE-2018-2758",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2758"
},
{
"cve": "CVE-2018-2755",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2755"
},
{
"cve": "CVE-2018-2598",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-2598"
},
{
"cve": "CVE-2018-1996",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1996"
},
{
"cve": "CVE-2018-1926",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1926"
},
{
"cve": "CVE-2018-1904",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1904"
},
{
"cve": "CVE-2018-1902",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1902"
},
{
"cve": "CVE-2018-1901",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1901"
},
{
"cve": "CVE-2018-1798",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1798"
},
{
"cve": "CVE-2018-1797",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1797"
},
{
"cve": "CVE-2018-1794",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1794"
},
{
"cve": "CVE-2018-1793",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1793"
},
{
"cve": "CVE-2018-1777",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1777"
},
{
"cve": "CVE-2018-1770",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1770"
},
{
"cve": "CVE-2018-1767",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1767"
},
{
"cve": "CVE-2018-1719",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1719"
},
{
"cve": "CVE-2018-1695",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1695"
},
{
"cve": "CVE-2018-1656",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1656"
},
{
"cve": "CVE-2018-1643",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1643"
},
{
"cve": "CVE-2018-1621",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1621"
},
{
"cve": "CVE-2018-1614",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1614"
},
{
"cve": "CVE-2018-1567",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1567"
},
{
"cve": "CVE-2018-1447",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1447"
},
{
"cve": "CVE-2018-1428",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1428"
},
{
"cve": "CVE-2018-1427",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1427"
},
{
"cve": "CVE-2018-1426",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1426"
},
{
"cve": "CVE-2018-1301",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-1301"
},
{
"cve": "CVE-2018-12539",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-12539"
},
{
"cve": "CVE-2018-10237",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-10237"
},
{
"cve": "CVE-2018-0734",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-0732",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2018-0732"
},
{
"cve": "CVE-2017-9798",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-9798"
},
{
"cve": "CVE-2017-3738",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3738"
},
{
"cve": "CVE-2017-3737",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3737"
},
{
"cve": "CVE-2017-3736",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3736"
},
{
"cve": "CVE-2017-3735",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3735"
},
{
"cve": "CVE-2017-3732",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-3732"
},
{
"cve": "CVE-2017-1743",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1743"
},
{
"cve": "CVE-2017-1741",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1741"
},
{
"cve": "CVE-2017-1731",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1731"
},
{
"cve": "CVE-2017-1681",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-1681"
},
{
"cve": "CVE-2017-15715",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-15715"
},
{
"cve": "CVE-2017-15710",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-15710"
},
{
"cve": "CVE-2017-12624",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-12624"
},
{
"cve": "CVE-2017-12618",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-12618"
},
{
"cve": "CVE-2017-12613",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2017-12613"
},
{
"cve": "CVE-2016-0705",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2016-0705"
},
{
"cve": "CVE-2016-0702",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2016-0702"
},
{
"cve": "CVE-2016-0701",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2016-0701"
},
{
"cve": "CVE-2015-0899",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2015-0899"
},
{
"cve": "CVE-2014-7810",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2014-7810"
},
{
"cve": "CVE-2012-5783",
"notes": [
{
"category": "description",
"text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen."
}
],
"release_date": "2023-06-28T22:00:00.000+00:00",
"title": "CVE-2012-5783"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…