Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-5387 (GCVE-0-2016-5387)
Vulnerability from cvelistv5 – Published: 2016-07-19 01:00 – Updated: 2024-08-06 01:00
VLAI
EPSS
Summary
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
54 references
Date Public
2016-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:59.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036330",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036330"
},
{
"name": "RHSA-2016:1420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1420"
},
{
"name": "RHSA-2016:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1635"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "91816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91816"
},
{
"name": "RHSA-2016:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1851"
},
{
"name": "USN-3038-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3038-1"
},
{
"name": "VU#797896",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/797896"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "openSUSE-SU-2016:1824",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "RHSA-2016:1648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "RHSA-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1625.html"
},
{
"name": "DSA-3623",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3623"
},
{
"name": "RHSA-2016:1649",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
},
{
"name": "RHSA-2016:1422",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1422"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
},
{
"name": "RHSA-2016:1421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1421"
},
{
"name": "FEDORA-2016-a29c65b00f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/"
},
{
"name": "RHSA-2016:1650",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
},
{
"name": "RHSA-2016:1624",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.apache.org/security/asf-httpoxy-response.txt"
},
{
"name": "FEDORA-2016-df0726ae26",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://httpoxy.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "GLSA-201701-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"name": "RHSA-2016:1636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1636"
},
{
"name": "FEDORA-2016-9fd9bfab9e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/"
},
{
"name": "FEDORA-2016-683d0b257b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:11:53.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1036330",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036330"
},
{
"name": "RHSA-2016:1420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1420"
},
{
"name": "RHSA-2016:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1635"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "91816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91816"
},
{
"name": "RHSA-2016:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1851"
},
{
"name": "USN-3038-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3038-1"
},
{
"name": "VU#797896",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/797896"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "openSUSE-SU-2016:1824",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "RHSA-2016:1648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "RHSA-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1625.html"
},
{
"name": "DSA-3623",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3623"
},
{
"name": "RHSA-2016:1649",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
},
{
"name": "RHSA-2016:1422",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1422"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
},
{
"name": "RHSA-2016:1421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1421"
},
{
"name": "FEDORA-2016-a29c65b00f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/"
},
{
"name": "RHSA-2016:1650",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
},
{
"name": "RHSA-2016:1624",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.apache.org/security/asf-httpoxy-response.txt"
},
{
"name": "FEDORA-2016-df0726ae26",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://httpoxy.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "GLSA-201701-36",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"name": "RHSA-2016:1636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1636"
},
{
"name": "FEDORA-2016-9fd9bfab9e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/"
},
{
"name": "FEDORA-2016-683d0b257b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-5387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036330",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036330"
},
{
"name": "RHSA-2016:1420",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1420"
},
{
"name": "RHSA-2016:1635",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1635"
},
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "91816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91816"
},
{
"name": "RHSA-2016:1851",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1851"
},
{
"name": "USN-3038-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3038-1"
},
{
"name": "VU#797896",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/797896"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "openSUSE-SU-2016:1824",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "RHSA-2016:1648",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
},
{
"name": "https://www.tenable.com/security/tns-2017-04",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "RHSA-2016:1625",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1625.html"
},
{
"name": "DSA-3623",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3623"
},
{
"name": "RHSA-2016:1649",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
},
{
"name": "RHSA-2016:1422",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1422"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"
},
{
"name": "RHSA-2016:1421",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1421"
},
{
"name": "FEDORA-2016-a29c65b00f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/"
},
{
"name": "RHSA-2016:1650",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
},
{
"name": "RHSA-2016:1624",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
},
{
"name": "https://www.apache.org/security/asf-httpoxy-response.txt",
"refsource": "CONFIRM",
"url": "https://www.apache.org/security/asf-httpoxy-response.txt"
},
{
"name": "FEDORA-2016-df0726ae26",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/"
},
{
"name": "https://httpoxy.org/",
"refsource": "MISC",
"url": "https://httpoxy.org/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "GLSA-201701-36",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"name": "RHSA-2016:1636",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1636"
},
{
"name": "FEDORA-2016-9fd9bfab9e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/"
},
{
"name": "FEDORA-2016-683d0b257b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5387",
"datePublished": "2016-07-19T01:00:00.000Z",
"dateReserved": "2016-06-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:00:59.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-5387",
"date": "2026-05-28",
"epss": "0.60283",
"percentile": "0.98304"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-5387\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-07-19T02:00:19.837\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \\\"httpoxy\\\" issue. NOTE: the vendor states \\\"This mitigation has been assigned the identifier CVE-2016-5387\\\"; in other words, this is not a CVE ID for a vulnerability.\"},{\"lang\":\"es\",\"value\":\"El Apache HTTP Server hasta la versi\u00f3n 2.4.23 sigue a RFC 3875 secci\u00f3n 4.1.18 y por lo tanto no protege aplicaciones de la presencia de datos de clientes no confiables en ambiente variable de HTTP_PROXY, lo que puede permitir a atacantes remotos redireccionar el tr\u00e1fico HTTP saliente de aplicaci\u00f3n a un servidor proxy arbitrario a trav\u00e9s de una cabecera Proxy manipulada en una petici\u00f3n HTTP, tambi\u00e9n conocido como problema \\\"httpoxy\\\". NOTA: el vendedor afirma \\\"Se ha asignado a esta mitigaci\u00f3n el identificador CVE-2016-5387\\\"; en otras palabras, esto no es un CVE ID para una vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndIncluding\":\"2.2.31\",\"matchCriteriaId\":\"E3E7037D-2C83-4F09-8DC6-4C51D447727A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.1\",\"versionEndIncluding\":\"2.4.23\",\"matchCriteriaId\":\"8805C987-A5BB-403B-BB9F-B745A2AE7865\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.5.5.0\",\"matchCriteriaId\":\"AD3FEB80-163D-4589-B6A8-6BB1ADCB6A10\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"12.4\",\"matchCriteriaId\":\"82AA7F74-BBB3-4912-A464-0D2101B0A95B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE12B6A4-E128-41EC-8017-558F50B961BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8B45C6-A877-4317-BCE5-EF9E9542276A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A2AC02-A933-4E51-810E-5D040B476B7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7B037A8-72A6-4DFF-94B2-D688A5F6F876\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"44B8FEDF-6CB0-46E9-9AD7-4445B001C158\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79A602C5-61FE-47BA-9786-F045B6C6DBA8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_web_server:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAFE33BC-D228-496C-A48E-8E73499D7F99\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"681173DF-537E-4A64-8FC7-75F439CCAD0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2F2F98-DB90-43F6-8F28-3656207B6188\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"681173DF-537E-4A64-8FC7-75F439CCAD0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2F2F98-DB90-43F6-8F28-3656207B6188\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2466282-51AB-478D-9FF4-FA524265ED2E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"807C024A-F8E8-4B48-A349-4C68CD252CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F96E3779-F56A-45FF-BB3D-4980527D721E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83737173-E12E-4641-BC49-0BD84A6B29D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C8D871B-AEA1-4407-AEE3-47EC782250FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98381E61-F082-4302-B51F-5648884F998B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6755B6AD-0422-467B-8115-34A60B1D1A40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E88A537F-F4D0-46B9-9E37-965233C2A355\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1624.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1625.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1648.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1649.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1650.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3623\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/797896\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91816\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036330\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3038-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1420\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1421\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1422\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1635\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1636\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1851\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpoxy.org/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/201701-36\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/HT208221\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.apache.org/security/asf-httpoxy-response.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2017-04\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1624.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1625.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1648.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1649.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1650.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3623\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/797896\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036330\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3038-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1421\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1422\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1636\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1851\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpoxy.org/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201701-36\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/HT208221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.apache.org/security/asf-httpoxy-response.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2017-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2016:1818-1
Vulnerability from csaf_suse - Published: 2016-07-18 14:06 - Updated: 2016-07-18 14:06Summary
Security update for apache2
Severity
Moderate
Notes
Title of the patch: Security update for apache2
Description of the patch:
This update for apache2 fixes the following issues:
* It used to be possible to set an arbitrary $HTTP_PROXY environment variable
for request handlers -- like CGI scripts -- by including a specially crafted
HTTP header in the request (CVE-2016-5387). As a result, these server
components would potentially direct all their outgoing HTTP traffic through a
malicious proxy server. This patch fixes the issue: the updated Apache server
ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes
(unless a value has been explicitly configured by the administrator in the
configuration file). (bsc#988488)
Patchnames: SUSE-SLE-SDK-12-SP1-2016-1067,SUSE-SLE-SERVER-12-SP1-2016-1067
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-doc-2.4.16-7.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-7.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
17 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/s… | self |
| https://www.suse.com/support/update/announcement/… | self |
| https://lists.suse.com/pipermail/sle-security-upd… | self |
| https://bugzilla.suse.com/988488 | self |
| https://www.suse.com/security/cve/CVE-2016-5387/ | self |
| https://www.suse.com/security/cve/CVE-2016-5387 | external |
| https://bugzilla.suse.com/988484 | external |
| https://bugzilla.suse.com/988486 | external |
| https://bugzilla.suse.com/988487 | external |
| https://bugzilla.suse.com/988488 | external |
| https://bugzilla.suse.com/988489 | external |
| https://bugzilla.suse.com/988491 | external |
| https://bugzilla.suse.com/988492 | external |
| https://bugzilla.suse.com/989125 | external |
| https://bugzilla.suse.com/989174 | external |
| https://bugzilla.suse.com/989684 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for apache2 fixes the following issues:\n\n* It used to be possible to set an arbitrary $HTTP_PROXY environment variable\n for request handlers -- like CGI scripts -- by including a specially crafted\n HTTP header in the request (CVE-2016-5387). As a result, these server\n components would potentially direct all their outgoing HTTP traffic through a\n malicious proxy server. This patch fixes the issue: the updated Apache server\n ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes\n (unless a value has been explicitly configured by the administrator in the\n configuration file). (bsc#988488)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SDK-12-SP1-2016-1067,SUSE-SLE-SERVER-12-SP1-2016-1067",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1818-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:1818-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161818-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:1818-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-July/002157.html"
},
{
"category": "self",
"summary": "SUSE Bug 988488",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5387 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5387/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2016-07-18T14:06:44Z",
"generator": {
"date": "2016-07-18T14:06:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:1818-1",
"initial_release_date": "2016-07-18T14:06:44Z",
"revision_history": [
{
"date": "2016-07-18T14:06:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.16-7.1.noarch",
"product": {
"name": "apache2-doc-2.4.16-7.1.noarch",
"product_id": "apache2-doc-2.4.16-7.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.16-7.1.ppc64le",
"product": {
"name": "apache2-devel-2.4.16-7.1.ppc64le",
"product_id": "apache2-devel-2.4.16-7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-2.4.16-7.1.ppc64le",
"product": {
"name": "apache2-2.4.16-7.1.ppc64le",
"product_id": "apache2-2.4.16-7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.16-7.1.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.16-7.1.ppc64le",
"product_id": "apache2-example-pages-2.4.16-7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.16-7.1.ppc64le",
"product": {
"name": "apache2-prefork-2.4.16-7.1.ppc64le",
"product_id": "apache2-prefork-2.4.16-7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.16-7.1.ppc64le",
"product": {
"name": "apache2-utils-2.4.16-7.1.ppc64le",
"product_id": "apache2-utils-2.4.16-7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.16-7.1.ppc64le",
"product": {
"name": "apache2-worker-2.4.16-7.1.ppc64le",
"product_id": "apache2-worker-2.4.16-7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.16-7.1.s390x",
"product": {
"name": "apache2-devel-2.4.16-7.1.s390x",
"product_id": "apache2-devel-2.4.16-7.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-2.4.16-7.1.s390x",
"product": {
"name": "apache2-2.4.16-7.1.s390x",
"product_id": "apache2-2.4.16-7.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.16-7.1.s390x",
"product": {
"name": "apache2-example-pages-2.4.16-7.1.s390x",
"product_id": "apache2-example-pages-2.4.16-7.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.16-7.1.s390x",
"product": {
"name": "apache2-prefork-2.4.16-7.1.s390x",
"product_id": "apache2-prefork-2.4.16-7.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.16-7.1.s390x",
"product": {
"name": "apache2-utils-2.4.16-7.1.s390x",
"product_id": "apache2-utils-2.4.16-7.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.16-7.1.s390x",
"product": {
"name": "apache2-worker-2.4.16-7.1.s390x",
"product_id": "apache2-worker-2.4.16-7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.16-7.1.x86_64",
"product": {
"name": "apache2-devel-2.4.16-7.1.x86_64",
"product_id": "apache2-devel-2.4.16-7.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-2.4.16-7.1.x86_64",
"product": {
"name": "apache2-2.4.16-7.1.x86_64",
"product_id": "apache2-2.4.16-7.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.16-7.1.x86_64",
"product": {
"name": "apache2-example-pages-2.4.16-7.1.x86_64",
"product_id": "apache2-example-pages-2.4.16-7.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.16-7.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.16-7.1.x86_64",
"product_id": "apache2-prefork-2.4.16-7.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.16-7.1.x86_64",
"product": {
"name": "apache2-utils-2.4.16-7.1.x86_64",
"product_id": "apache2-utils-2.4.16-7.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.16-7.1.x86_64",
"product": {
"name": "apache2-worker-2.4.16-7.1.x86_64",
"product_id": "apache2-worker-2.4.16-7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.16-7.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.ppc64le"
},
"product_reference": "apache2-devel-2.4.16-7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.16-7.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.s390x"
},
"product_reference": "apache2-devel-2.4.16-7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.16-7.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.x86_64"
},
"product_reference": "apache2-devel-2.4.16-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-7.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.ppc64le"
},
"product_reference": "apache2-2.4.16-7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-7.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.s390x"
},
"product_reference": "apache2-2.4.16-7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.x86_64"
},
"product_reference": "apache2-2.4.16-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.16-7.1.noarch as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-doc-2.4.16-7.1.noarch"
},
"product_reference": "apache2-doc-2.4.16-7.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-7.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.16-7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-7.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.16-7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.16-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-7.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.16-7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-7.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.s390x"
},
"product_reference": "apache2-prefork-2.4.16-7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.16-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-7.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.16-7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-7.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.s390x"
},
"product_reference": "apache2-utils-2.4.16-7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.x86_64"
},
"product_reference": "apache2-utils-2.4.16-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-7.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.16-7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-7.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.s390x"
},
"product_reference": "apache2-worker-2.4.16-7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.x86_64"
},
"product_reference": "apache2-worker-2.4.16-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-7.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.ppc64le"
},
"product_reference": "apache2-2.4.16-7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-7.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.s390x"
},
"product_reference": "apache2-2.4.16-7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.16-7.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.x86_64"
},
"product_reference": "apache2-2.4.16-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.16-7.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-7.1.noarch"
},
"product_reference": "apache2-doc-2.4.16-7.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-7.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.16-7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-7.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.16-7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.16-7.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.16-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-7.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.16-7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-7.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.s390x"
},
"product_reference": "apache2-prefork-2.4.16-7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.16-7.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.16-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-7.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.16-7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-7.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.s390x"
},
"product_reference": "apache2-utils-2.4.16-7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.16-7.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.x86_64"
},
"product_reference": "apache2-utils-2.4.16-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-7.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.16-7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-7.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.s390x"
},
"product_reference": "apache2-worker-2.4.16-7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.16-7.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.x86_64"
},
"product_reference": "apache2-worker-2.4.16-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5387"
}
],
"notes": [
{
"category": "general",
"text": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:apache2-doc-2.4.16-7.1.noarch",
"SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-7.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5387",
"url": "https://www.suse.com/security/cve/CVE-2016-5387"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989125 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989125"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989174"
},
{
"category": "external",
"summary": "SUSE Bug 989684 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:apache2-doc-2.4.16-7.1.noarch",
"SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-7.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:apache2-doc-2.4.16-7.1.noarch",
"SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-example-pages-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-prefork-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-utils-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server 12 SP1:apache2-worker-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-doc-2.4.16-7.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-example-pages-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-prefork-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-utils-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:apache2-worker-2.4.16-7.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP1:apache2-devel-2.4.16-7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-18T14:06:44Z",
"details": "moderate"
}
],
"title": "CVE-2016-5387"
}
]
}
SUSE-SU-2016:1819-1
Vulnerability from csaf_suse - Published: 2016-07-18 14:07 - Updated: 2016-07-18 14:07Summary
Security update for apache2
Severity
Moderate
Notes
Title of the patch: Security update for apache2
Description of the patch:
This update for apache2 fixes the following issues:
* It used to be possible to set an arbitrary $HTTP_PROXY environment variable
for request handlers -- like CGI scripts -- by including a specially crafted
HTTP header in the request (CVE-2016-5387). As a result, these server
components would potentially direct all their outgoing HTTP traffic through a
malicious proxy server. This patch fixes the issue: the updated Apache server
ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes
(unless a value has been explicitly configured by the administrator in the
configuration file). (bsc#988488)
Patchnames: sdksp4-apache2-12654,slessp4-apache2-12654,slestso13-apache2-12654
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
78 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.12-64.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Studio Onsite 1.3:apache2-devel-2.2.12-64.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
17 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/s… | self |
| https://www.suse.com/support/update/announcement/… | self |
| https://lists.suse.com/pipermail/sle-security-upd… | self |
| https://bugzilla.suse.com/988488 | self |
| https://www.suse.com/security/cve/CVE-2016-5387/ | self |
| https://www.suse.com/security/cve/CVE-2016-5387 | external |
| https://bugzilla.suse.com/988484 | external |
| https://bugzilla.suse.com/988486 | external |
| https://bugzilla.suse.com/988487 | external |
| https://bugzilla.suse.com/988488 | external |
| https://bugzilla.suse.com/988489 | external |
| https://bugzilla.suse.com/988491 | external |
| https://bugzilla.suse.com/988492 | external |
| https://bugzilla.suse.com/989125 | external |
| https://bugzilla.suse.com/989174 | external |
| https://bugzilla.suse.com/989684 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for apache2 fixes the following issues:\n\n* It used to be possible to set an arbitrary $HTTP_PROXY environment variable\n for request handlers -- like CGI scripts -- by including a specially crafted\n HTTP header in the request (CVE-2016-5387). As a result, these server\n components would potentially direct all their outgoing HTTP traffic through a\n malicious proxy server. This patch fixes the issue: the updated Apache server\n ignores such HTTP headers and never sets $HTTP_PROXY for sub-processes\n (unless a value has been explicitly configured by the administrator in the\n configuration file). (bsc#988488)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-apache2-12654,slessp4-apache2-12654,slestso13-apache2-12654",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1819-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:1819-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161819-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:1819-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-July/002158.html"
},
{
"category": "self",
"summary": "SUSE Bug 988488",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5387 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5387/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2016-07-18T14:07:52Z",
"generator": {
"date": "2016-07-18T14:07:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:1819-1",
"initial_release_date": "2016-07-18T14:07:52Z",
"revision_history": [
{
"date": "2016-07-18T14:07:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.2.12-64.1.i586",
"product": {
"name": "apache2-2.2.12-64.1.i586",
"product_id": "apache2-2.2.12-64.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.2.12-64.1.i586",
"product": {
"name": "apache2-devel-2.2.12-64.1.i586",
"product_id": "apache2-devel-2.2.12-64.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.12-64.1.i586",
"product": {
"name": "apache2-doc-2.2.12-64.1.i586",
"product_id": "apache2-doc-2.2.12-64.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.12-64.1.i586",
"product": {
"name": "apache2-example-pages-2.2.12-64.1.i586",
"product_id": "apache2-example-pages-2.2.12-64.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.12-64.1.i586",
"product": {
"name": "apache2-prefork-2.2.12-64.1.i586",
"product_id": "apache2-prefork-2.2.12-64.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.12-64.1.i586",
"product": {
"name": "apache2-utils-2.2.12-64.1.i586",
"product_id": "apache2-utils-2.2.12-64.1.i586"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.12-64.1.i586",
"product": {
"name": "apache2-worker-2.2.12-64.1.i586",
"product_id": "apache2-worker-2.2.12-64.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.2.12-64.1.ia64",
"product": {
"name": "apache2-devel-2.2.12-64.1.ia64",
"product_id": "apache2-devel-2.2.12-64.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-2.2.12-64.1.ia64",
"product": {
"name": "apache2-2.2.12-64.1.ia64",
"product_id": "apache2-2.2.12-64.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.12-64.1.ia64",
"product": {
"name": "apache2-doc-2.2.12-64.1.ia64",
"product_id": "apache2-doc-2.2.12-64.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.12-64.1.ia64",
"product": {
"name": "apache2-example-pages-2.2.12-64.1.ia64",
"product_id": "apache2-example-pages-2.2.12-64.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.12-64.1.ia64",
"product": {
"name": "apache2-prefork-2.2.12-64.1.ia64",
"product_id": "apache2-prefork-2.2.12-64.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.12-64.1.ia64",
"product": {
"name": "apache2-utils-2.2.12-64.1.ia64",
"product_id": "apache2-utils-2.2.12-64.1.ia64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.12-64.1.ia64",
"product": {
"name": "apache2-worker-2.2.12-64.1.ia64",
"product_id": "apache2-worker-2.2.12-64.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.2.12-64.1.ppc64",
"product": {
"name": "apache2-devel-2.2.12-64.1.ppc64",
"product_id": "apache2-devel-2.2.12-64.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-2.2.12-64.1.ppc64",
"product": {
"name": "apache2-2.2.12-64.1.ppc64",
"product_id": "apache2-2.2.12-64.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.12-64.1.ppc64",
"product": {
"name": "apache2-doc-2.2.12-64.1.ppc64",
"product_id": "apache2-doc-2.2.12-64.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.12-64.1.ppc64",
"product": {
"name": "apache2-example-pages-2.2.12-64.1.ppc64",
"product_id": "apache2-example-pages-2.2.12-64.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.12-64.1.ppc64",
"product": {
"name": "apache2-prefork-2.2.12-64.1.ppc64",
"product_id": "apache2-prefork-2.2.12-64.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.12-64.1.ppc64",
"product": {
"name": "apache2-utils-2.2.12-64.1.ppc64",
"product_id": "apache2-utils-2.2.12-64.1.ppc64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.12-64.1.ppc64",
"product": {
"name": "apache2-worker-2.2.12-64.1.ppc64",
"product_id": "apache2-worker-2.2.12-64.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.2.12-64.1.s390x",
"product": {
"name": "apache2-devel-2.2.12-64.1.s390x",
"product_id": "apache2-devel-2.2.12-64.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-2.2.12-64.1.s390x",
"product": {
"name": "apache2-2.2.12-64.1.s390x",
"product_id": "apache2-2.2.12-64.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.12-64.1.s390x",
"product": {
"name": "apache2-doc-2.2.12-64.1.s390x",
"product_id": "apache2-doc-2.2.12-64.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.12-64.1.s390x",
"product": {
"name": "apache2-example-pages-2.2.12-64.1.s390x",
"product_id": "apache2-example-pages-2.2.12-64.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.12-64.1.s390x",
"product": {
"name": "apache2-prefork-2.2.12-64.1.s390x",
"product_id": "apache2-prefork-2.2.12-64.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.12-64.1.s390x",
"product": {
"name": "apache2-utils-2.2.12-64.1.s390x",
"product_id": "apache2-utils-2.2.12-64.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.12-64.1.s390x",
"product": {
"name": "apache2-worker-2.2.12-64.1.s390x",
"product_id": "apache2-worker-2.2.12-64.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.2.12-64.1.x86_64",
"product": {
"name": "apache2-2.2.12-64.1.x86_64",
"product_id": "apache2-2.2.12-64.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.2.12-64.1.x86_64",
"product": {
"name": "apache2-devel-2.2.12-64.1.x86_64",
"product_id": "apache2-devel-2.2.12-64.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-doc-2.2.12-64.1.x86_64",
"product": {
"name": "apache2-doc-2.2.12-64.1.x86_64",
"product_id": "apache2-doc-2.2.12-64.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.2.12-64.1.x86_64",
"product": {
"name": "apache2-example-pages-2.2.12-64.1.x86_64",
"product_id": "apache2-example-pages-2.2.12-64.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.2.12-64.1.x86_64",
"product": {
"name": "apache2-prefork-2.2.12-64.1.x86_64",
"product_id": "apache2-prefork-2.2.12-64.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.2.12-64.1.x86_64",
"product": {
"name": "apache2-utils-2.2.12-64.1.x86_64",
"product_id": "apache2-utils-2.2.12-64.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.2.12-64.1.x86_64",
"product": {
"name": "apache2-worker-2.2.12-64.1.x86_64",
"product_id": "apache2-worker-2.2.12-64.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.12-64.1.i586"
},
"product_reference": "apache2-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.i586"
},
"product_reference": "apache2-devel-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.ia64"
},
"product_reference": "apache2-devel-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-devel-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.s390x"
},
"product_reference": "apache2-devel-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-devel-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.12-64.1.i586"
},
"product_reference": "apache2-doc-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-doc-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.12-64.1.i586"
},
"product_reference": "apache2-example-pages-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-example-pages-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.12-64.1.i586"
},
"product_reference": "apache2-prefork-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-prefork-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.12-64.1.i586"
},
"product_reference": "apache2-utils-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-utils-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.12-64.1.i586"
},
"product_reference": "apache2-worker-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-worker-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.i586"
},
"product_reference": "apache2-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.ia64"
},
"product_reference": "apache2-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.s390x"
},
"product_reference": "apache2-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.i586"
},
"product_reference": "apache2-doc-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.ia64"
},
"product_reference": "apache2-doc-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-doc-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.s390x"
},
"product_reference": "apache2-doc-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-doc-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.i586"
},
"product_reference": "apache2-example-pages-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.ia64"
},
"product_reference": "apache2-example-pages-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-example-pages-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.s390x"
},
"product_reference": "apache2-example-pages-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-example-pages-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.i586"
},
"product_reference": "apache2-prefork-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.ia64"
},
"product_reference": "apache2-prefork-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-prefork-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.s390x"
},
"product_reference": "apache2-prefork-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-prefork-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.i586"
},
"product_reference": "apache2-utils-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.ia64"
},
"product_reference": "apache2-utils-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-utils-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.s390x"
},
"product_reference": "apache2-utils-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-utils-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.i586"
},
"product_reference": "apache2-worker-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.ia64"
},
"product_reference": "apache2-worker-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-worker-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.s390x"
},
"product_reference": "apache2-worker-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-worker-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.i586"
},
"product_reference": "apache2-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.ia64"
},
"product_reference": "apache2-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.s390x"
},
"product_reference": "apache2-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.i586"
},
"product_reference": "apache2-doc-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.ia64"
},
"product_reference": "apache2-doc-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-doc-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.s390x"
},
"product_reference": "apache2-doc-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-doc-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.i586"
},
"product_reference": "apache2-example-pages-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.ia64"
},
"product_reference": "apache2-example-pages-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-example-pages-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.s390x"
},
"product_reference": "apache2-example-pages-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-example-pages-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.i586"
},
"product_reference": "apache2-prefork-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.ia64"
},
"product_reference": "apache2-prefork-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-prefork-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.s390x"
},
"product_reference": "apache2-prefork-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-prefork-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.i586"
},
"product_reference": "apache2-utils-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.ia64"
},
"product_reference": "apache2-utils-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-utils-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.s390x"
},
"product_reference": "apache2-utils-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-utils-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.12-64.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.i586"
},
"product_reference": "apache2-worker-2.2.12-64.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.12-64.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.ia64"
},
"product_reference": "apache2-worker-2.2.12-64.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.12-64.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.ppc64"
},
"product_reference": "apache2-worker-2.2.12-64.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.12-64.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.s390x"
},
"product_reference": "apache2-worker-2.2.12-64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.2.12-64.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-worker-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.2.12-64.1.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:apache2-devel-2.2.12-64.1.x86_64"
},
"product_reference": "apache2-devel-2.2.12-64.1.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5387"
}
],
"notes": [
{
"category": "general",
"text": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.12-64.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.12-64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5387",
"url": "https://www.suse.com/security/cve/CVE-2016-5387"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989125 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989125"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989174"
},
{
"category": "external",
"summary": "SUSE Bug 989684 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.12-64.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.12-64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-doc-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-prefork-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-utils-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:apache2-worker-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-doc-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-prefork-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-utils-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:apache2-worker-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-devel-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-doc-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-example-pages-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-prefork-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-utils-2.2.12-64.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.12-64.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:apache2-worker-2.2.12-64.1.x86_64",
"SUSE Studio Onsite 1.3:apache2-devel-2.2.12-64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-07-18T14:07:52Z",
"details": "moderate"
}
],
"title": "CVE-2016-5387"
}
]
}
SUSE-SU-2016:2090-1
Vulnerability from csaf_suse - Published: 2016-08-17 07:33 - Updated: 2016-08-17 07:33Summary
Security update for apache2
Severity
Moderate
Notes
Title of the patch: Security update for apache2
Description of the patch:
This update for apache2 fixes the following issues:
- It used to be possible to set an arbitrary $HTTP_PROXY environment variable for
request handlers -- like CGI scripts -- by including a specially crafted HTTP
header in the request (CVE-2016-5387). As a result, these server components
would potentially direct all their outgoing HTTP traffic through a malicious
proxy server. This patch fixes the issue: the updated Apache server ignores
such HTTP headers and never sets $HTTP_PROXY for sub-processes (unless a value
has been explicitly configured by the administrator in the configuration file).
(bsc#988488)
- Ignore SIGINT signal in child processes. This fixes a race condition in
signals handling when httpd is running on foreground and the user hits ctrl+c.
(bsc#970391)
- Don't put the backend in error state (by default) when 500/503 is overridden.
(bsc#951692)
- Remove obsolete /usr/share/apache2/rc.apache2 sample script. (bsc#973381)
Patchnames: SUSE-SLE-SAP-12-2016-1235,SUSE-SLE-SERVER-12-2016-1235
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:apache2-2.4.10-14.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:apache2-doc-2.4.10-14.17.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:apache2-example-pages-2.4.10-14.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:apache2-prefork-2.4.10-14.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:apache2-utils-2.4.10-14.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:apache2-worker-2.4.10-14.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for apache2 fixes the following issues:\n\n- It used to be possible to set an arbitrary $HTTP_PROXY environment variable for\n request handlers -- like CGI scripts -- by including a specially crafted HTTP\n header in the request (CVE-2016-5387). As a result, these server components\n would potentially direct all their outgoing HTTP traffic through a malicious\n proxy server. This patch fixes the issue: the updated Apache server ignores\n such HTTP headers and never sets $HTTP_PROXY for sub-processes (unless a value\n has been explicitly configured by the administrator in the configuration file).\n (bsc#988488)\n\n- Ignore SIGINT signal in child processes. This fixes a race condition in\n signals handling when httpd is running on foreground and the user hits ctrl+c.\n (bsc#970391)\n\n- Don\u0027t put the backend in error state (by default) when 500/503 is overridden.\n (bsc#951692)\n\n- Remove obsolete /usr/share/apache2/rc.apache2 sample script. (bsc#973381)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-2016-1235,SUSE-SLE-SERVER-12-2016-1235",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2090-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2090-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162090-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2090-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002213.html"
},
{
"category": "self",
"summary": "SUSE Bug 951692",
"url": "https://bugzilla.suse.com/951692"
},
{
"category": "self",
"summary": "SUSE Bug 970391",
"url": "https://bugzilla.suse.com/970391"
},
{
"category": "self",
"summary": "SUSE Bug 973381",
"url": "https://bugzilla.suse.com/973381"
},
{
"category": "self",
"summary": "SUSE Bug 988488",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5387 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5387/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2016-08-17T07:33:22Z",
"generator": {
"date": "2016-08-17T07:33:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2090-1",
"initial_release_date": "2016-08-17T07:33:22Z",
"revision_history": [
{
"date": "2016-08-17T07:33:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.10-14.17.1.noarch",
"product": {
"name": "apache2-doc-2.4.10-14.17.1.noarch",
"product_id": "apache2-doc-2.4.10-14.17.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.10-14.17.1.ppc64le",
"product": {
"name": "apache2-2.4.10-14.17.1.ppc64le",
"product_id": "apache2-2.4.10-14.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.10-14.17.1.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.10-14.17.1.ppc64le",
"product_id": "apache2-example-pages-2.4.10-14.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.10-14.17.1.ppc64le",
"product": {
"name": "apache2-prefork-2.4.10-14.17.1.ppc64le",
"product_id": "apache2-prefork-2.4.10-14.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.10-14.17.1.ppc64le",
"product": {
"name": "apache2-utils-2.4.10-14.17.1.ppc64le",
"product_id": "apache2-utils-2.4.10-14.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.10-14.17.1.ppc64le",
"product": {
"name": "apache2-worker-2.4.10-14.17.1.ppc64le",
"product_id": "apache2-worker-2.4.10-14.17.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.10-14.17.1.s390x",
"product": {
"name": "apache2-2.4.10-14.17.1.s390x",
"product_id": "apache2-2.4.10-14.17.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.10-14.17.1.s390x",
"product": {
"name": "apache2-example-pages-2.4.10-14.17.1.s390x",
"product_id": "apache2-example-pages-2.4.10-14.17.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.10-14.17.1.s390x",
"product": {
"name": "apache2-prefork-2.4.10-14.17.1.s390x",
"product_id": "apache2-prefork-2.4.10-14.17.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.10-14.17.1.s390x",
"product": {
"name": "apache2-utils-2.4.10-14.17.1.s390x",
"product_id": "apache2-utils-2.4.10-14.17.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.10-14.17.1.s390x",
"product": {
"name": "apache2-worker-2.4.10-14.17.1.s390x",
"product_id": "apache2-worker-2.4.10-14.17.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.10-14.17.1.x86_64",
"product": {
"name": "apache2-2.4.10-14.17.1.x86_64",
"product_id": "apache2-2.4.10-14.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.10-14.17.1.x86_64",
"product": {
"name": "apache2-example-pages-2.4.10-14.17.1.x86_64",
"product_id": "apache2-example-pages-2.4.10-14.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.10-14.17.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.10-14.17.1.x86_64",
"product_id": "apache2-prefork-2.4.10-14.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.10-14.17.1.x86_64",
"product": {
"name": "apache2-utils-2.4.10-14.17.1.x86_64",
"product_id": "apache2-utils-2.4.10-14.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.10-14.17.1.x86_64",
"product": {
"name": "apache2-worker-2.4.10-14.17.1.x86_64",
"product_id": "apache2-worker-2.4.10-14.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.10-14.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:apache2-2.4.10-14.17.1.x86_64"
},
"product_reference": "apache2-2.4.10-14.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.10-14.17.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:apache2-doc-2.4.10-14.17.1.noarch"
},
"product_reference": "apache2-doc-2.4.10-14.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.10-14.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:apache2-example-pages-2.4.10-14.17.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.10-14.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.10-14.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:apache2-prefork-2.4.10-14.17.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.10-14.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.10-14.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:apache2-utils-2.4.10-14.17.1.x86_64"
},
"product_reference": "apache2-utils-2.4.10-14.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.10-14.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12:apache2-worker-2.4.10-14.17.1.x86_64"
},
"product_reference": "apache2-worker-2.4.10-14.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.10-14.17.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.ppc64le"
},
"product_reference": "apache2-2.4.10-14.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.10-14.17.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.s390x"
},
"product_reference": "apache2-2.4.10-14.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.10-14.17.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.x86_64"
},
"product_reference": "apache2-2.4.10-14.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.10-14.17.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.17.1.noarch"
},
"product_reference": "apache2-doc-2.4.10-14.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.10-14.17.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.10-14.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.10-14.17.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.s390x"
},
"product_reference": "apache2-example-pages-2.4.10-14.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.10-14.17.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.x86_64"
},
"product_reference": "apache2-example-pages-2.4.10-14.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.10-14.17.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.10-14.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.10-14.17.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.s390x"
},
"product_reference": "apache2-prefork-2.4.10-14.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.10-14.17.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.10-14.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.10-14.17.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.10-14.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.10-14.17.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.s390x"
},
"product_reference": "apache2-utils-2.4.10-14.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.10-14.17.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.x86_64"
},
"product_reference": "apache2-utils-2.4.10-14.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.10-14.17.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.10-14.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.10-14.17.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.s390x"
},
"product_reference": "apache2-worker-2.4.10-14.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.10-14.17.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.x86_64"
},
"product_reference": "apache2-worker-2.4.10-14.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5387"
}
],
"notes": [
{
"category": "general",
"text": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.17.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-doc-2.4.10-14.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-example-pages-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-prefork-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-utils-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-worker-2.4.10-14.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5387",
"url": "https://www.suse.com/security/cve/CVE-2016-5387"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989125 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989125"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989174"
},
{
"category": "external",
"summary": "SUSE Bug 989684 for CVE-2016-5387",
"url": "https://bugzilla.suse.com/989684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.17.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-doc-2.4.10-14.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-example-pages-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-prefork-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-utils-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-worker-2.4.10-14.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-doc-2.4.10-14.17.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-example-pages-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-prefork-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-utils-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:apache2-worker-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-doc-2.4.10-14.17.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-example-pages-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-prefork-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-utils-2.4.10-14.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12:apache2-worker-2.4.10-14.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-17T07:33:22Z",
"details": "moderate"
}
],
"title": "CVE-2016-5387"
}
]
}
WID-SEC-W-2025-0370
Vulnerability from csaf_certbund - Published: 2017-09-25 22:00 - Updated: 2025-02-13 23:00Summary
Apple Mac OS: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apple Mac OS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstelle in Apple Mac OS ausnutzen, um Code mit Kernel Privilegien auszuführen, Sicherheitsvorkehrungen zu umgehen, einen Denial of Service Angriff durchzuführen oder vertrauliche Daten einzusehen.
Betroffene Betriebssysteme: - MacOS X
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS <10.13
Apple / macOS
|
<10.13 |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apple Mac OS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstelle in Apple Mac OS ausnutzen, um Code mit Kernel Privilegien auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Denial of Service Angriff durchzuf\u00fchren oder vertrauliche Daten einzusehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0370 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2025-0370.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0370 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0370"
},
{
"category": "external",
"summary": "Apple Security Advisory HT208144 vom 2017-09-25",
"url": "https://support.apple.com/de-de/HT208144"
},
{
"category": "external",
"summary": "Updated Apple Security Advisory HT208144 vom 2017-10-31",
"url": "https://lists.apple.com/archives/security-announce/2017/Oct/msg00007.html"
},
{
"category": "external",
"summary": "Updated Apple Security Advisory HT208144 vom 2017-10-31",
"url": "https://lists.apple.com/archives/security-announce/2017/Oct/msg00001.html"
}
],
"source_lang": "en-US",
"title": "Apple Mac OS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-02-13T23:00:00.000+00:00",
"generator": {
"date": "2025-02-14T12:00:12.636+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0370",
"initial_release_date": "2017-09-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2017-09-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-10-31T23:00:00.000+00:00",
"number": "2",
"summary": "cve added"
},
{
"date": "2017-10-31T23:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-10-31T23:00:00.000+00:00",
"number": "4",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-11-21T23:00:00.000+00:00",
"number": "5",
"summary": "cve added"
},
{
"date": "2017-11-21T23:00:00.000+00:00",
"number": "6",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-12-13T23:00:00.000+00:00",
"number": "7",
"summary": "New remediations available"
},
{
"date": "2025-02-13T23:00:00.000+00:00",
"number": "8",
"summary": "Korrektur"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.13",
"product": {
"name": "Apple macOS \u003c10.13",
"product_id": "T010822"
}
},
{
"category": "product_version",
"name": "10.13",
"product": {
"name": "Apple macOS 10.13",
"product_id": "T010822-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:10.13"
}
}
}
],
"category": "product_name",
"name": "macOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0736",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-0736"
},
{
"cve": "CVE-2016-2161",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-2161"
},
{
"cve": "CVE-2016-4736",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-4736"
},
{
"cve": "CVE-2016-5387",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-5387"
},
{
"cve": "CVE-2016-8740",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-8740"
},
{
"cve": "CVE-2016-8743",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-8743"
},
{
"cve": "CVE-2016-9042",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-9042"
},
{
"cve": "CVE-2016-9063",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-9063"
},
{
"cve": "CVE-2016-9840",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-9840"
},
{
"cve": "CVE-2016-9841",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-9841"
},
{
"cve": "CVE-2016-9842",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-9842"
},
{
"cve": "CVE-2016-9843",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2016-9843"
},
{
"cve": "CVE-2017-0381",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-0381"
},
{
"cve": "CVE-2017-1000100",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-1000100"
},
{
"cve": "CVE-2017-1000101",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-1000101"
},
{
"cve": "CVE-2017-1000373",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-1000373"
},
{
"cve": "CVE-2017-10140",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-10140"
},
{
"cve": "CVE-2017-10989",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-10989"
},
{
"cve": "CVE-2017-11103",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-11103"
},
{
"cve": "CVE-2017-11108",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-11108"
},
{
"cve": "CVE-2017-11541",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-11541"
},
{
"cve": "CVE-2017-11542",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-11542"
},
{
"cve": "CVE-2017-11543",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-11543"
},
{
"cve": "CVE-2017-12893",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12893"
},
{
"cve": "CVE-2017-12894",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12894"
},
{
"cve": "CVE-2017-12895",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12895"
},
{
"cve": "CVE-2017-12896",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12896"
},
{
"cve": "CVE-2017-12897",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12897"
},
{
"cve": "CVE-2017-12898",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12898"
},
{
"cve": "CVE-2017-12899",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12899"
},
{
"cve": "CVE-2017-12900",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12900"
},
{
"cve": "CVE-2017-12901",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12901"
},
{
"cve": "CVE-2017-12902",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12902"
},
{
"cve": "CVE-2017-12985",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12985"
},
{
"cve": "CVE-2017-12986",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12986"
},
{
"cve": "CVE-2017-12987",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12987"
},
{
"cve": "CVE-2017-12988",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12988"
},
{
"cve": "CVE-2017-12989",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12989"
},
{
"cve": "CVE-2017-12990",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12990"
},
{
"cve": "CVE-2017-12991",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12991"
},
{
"cve": "CVE-2017-12992",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12992"
},
{
"cve": "CVE-2017-12993",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12993"
},
{
"cve": "CVE-2017-12994",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12994"
},
{
"cve": "CVE-2017-12995",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12995"
},
{
"cve": "CVE-2017-12996",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12996"
},
{
"cve": "CVE-2017-12997",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12997"
},
{
"cve": "CVE-2017-12998",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12998"
},
{
"cve": "CVE-2017-12999",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-12999"
},
{
"cve": "CVE-2017-13000",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13000"
},
{
"cve": "CVE-2017-13001",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13001"
},
{
"cve": "CVE-2017-13002",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13002"
},
{
"cve": "CVE-2017-13003",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13003"
},
{
"cve": "CVE-2017-13004",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13004"
},
{
"cve": "CVE-2017-13005",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13005"
},
{
"cve": "CVE-2017-13006",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13006"
},
{
"cve": "CVE-2017-13007",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13007"
},
{
"cve": "CVE-2017-13008",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13008"
},
{
"cve": "CVE-2017-13009",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13009"
},
{
"cve": "CVE-2017-13010",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13010"
},
{
"cve": "CVE-2017-13011",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13011"
},
{
"cve": "CVE-2017-13012",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13012"
},
{
"cve": "CVE-2017-13013",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13013"
},
{
"cve": "CVE-2017-13014",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13014"
},
{
"cve": "CVE-2017-13015",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13015"
},
{
"cve": "CVE-2017-13016",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13016"
},
{
"cve": "CVE-2017-13017",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13017"
},
{
"cve": "CVE-2017-13018",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13018"
},
{
"cve": "CVE-2017-13019",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13019"
},
{
"cve": "CVE-2017-13020",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13020"
},
{
"cve": "CVE-2017-13021",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13021"
},
{
"cve": "CVE-2017-13022",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13022"
},
{
"cve": "CVE-2017-13023",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13023"
},
{
"cve": "CVE-2017-13024",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13024"
},
{
"cve": "CVE-2017-13025",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13025"
},
{
"cve": "CVE-2017-13026",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13026"
},
{
"cve": "CVE-2017-13027",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13027"
},
{
"cve": "CVE-2017-13028",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13028"
},
{
"cve": "CVE-2017-13029",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13029"
},
{
"cve": "CVE-2017-13030",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13030"
},
{
"cve": "CVE-2017-13031",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13031"
},
{
"cve": "CVE-2017-13032",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13032"
},
{
"cve": "CVE-2017-13033",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13033"
},
{
"cve": "CVE-2017-13034",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13034"
},
{
"cve": "CVE-2017-13035",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13035"
},
{
"cve": "CVE-2017-13036",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13036"
},
{
"cve": "CVE-2017-13037",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13037"
},
{
"cve": "CVE-2017-13038",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13038"
},
{
"cve": "CVE-2017-13039",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13039"
},
{
"cve": "CVE-2017-13040",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13040"
},
{
"cve": "CVE-2017-13041",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13041"
},
{
"cve": "CVE-2017-13042",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13042"
},
{
"cve": "CVE-2017-13043",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13043"
},
{
"cve": "CVE-2017-13044",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13044"
},
{
"cve": "CVE-2017-13045",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13045"
},
{
"cve": "CVE-2017-13046",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13046"
},
{
"cve": "CVE-2017-13047",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13047"
},
{
"cve": "CVE-2017-13048",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13048"
},
{
"cve": "CVE-2017-13049",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13049"
},
{
"cve": "CVE-2017-13050",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13050"
},
{
"cve": "CVE-2017-13051",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13051"
},
{
"cve": "CVE-2017-13052",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13052"
},
{
"cve": "CVE-2017-13053",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13053"
},
{
"cve": "CVE-2017-13054",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13054"
},
{
"cve": "CVE-2017-13055",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13055"
},
{
"cve": "CVE-2017-13077",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13077"
},
{
"cve": "CVE-2017-13078",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13078"
},
{
"cve": "CVE-2017-13080",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13080"
},
{
"cve": "CVE-2017-13687",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13687"
},
{
"cve": "CVE-2017-13688",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13688"
},
{
"cve": "CVE-2017-13689",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13689"
},
{
"cve": "CVE-2017-13690",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13690"
},
{
"cve": "CVE-2017-13725",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13725"
},
{
"cve": "CVE-2017-13782",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13782"
},
{
"cve": "CVE-2017-13786",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13786"
},
{
"cve": "CVE-2017-13799",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13799"
},
{
"cve": "CVE-2017-13800",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13800"
},
{
"cve": "CVE-2017-13801",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13801"
},
{
"cve": "CVE-2017-13804",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13804"
},
{
"cve": "CVE-2017-13807",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13807"
},
{
"cve": "CVE-2017-13808",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13808"
},
{
"cve": "CVE-2017-13809",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13809"
},
{
"cve": "CVE-2017-13810",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13810"
},
{
"cve": "CVE-2017-13811",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13811"
},
{
"cve": "CVE-2017-13812",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13812"
},
{
"cve": "CVE-2017-13813",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13813"
},
{
"cve": "CVE-2017-13814",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13814"
},
{
"cve": "CVE-2017-13815",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13815"
},
{
"cve": "CVE-2017-13816",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13816"
},
{
"cve": "CVE-2017-13817",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13817"
},
{
"cve": "CVE-2017-13818",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13818"
},
{
"cve": "CVE-2017-13819",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13819"
},
{
"cve": "CVE-2017-13820",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13820"
},
{
"cve": "CVE-2017-13821",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13821"
},
{
"cve": "CVE-2017-13822",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13822"
},
{
"cve": "CVE-2017-13823",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13823"
},
{
"cve": "CVE-2017-13824",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13824"
},
{
"cve": "CVE-2017-13825",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13825"
},
{
"cve": "CVE-2017-13826",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13826"
},
{
"cve": "CVE-2017-13827",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13827"
},
{
"cve": "CVE-2017-13828",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13828"
},
{
"cve": "CVE-2017-13829",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13829"
},
{
"cve": "CVE-2017-13830",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13830"
},
{
"cve": "CVE-2017-13831",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13831"
},
{
"cve": "CVE-2017-13832",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13832"
},
{
"cve": "CVE-2017-13833",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13833"
},
{
"cve": "CVE-2017-13834",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13834"
},
{
"cve": "CVE-2017-13836",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13836"
},
{
"cve": "CVE-2017-13837",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13837"
},
{
"cve": "CVE-2017-13838",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13838"
},
{
"cve": "CVE-2017-13839",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13839"
},
{
"cve": "CVE-2017-13840",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13840"
},
{
"cve": "CVE-2017-13841",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13841"
},
{
"cve": "CVE-2017-13842",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13842"
},
{
"cve": "CVE-2017-13843",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13843"
},
{
"cve": "CVE-2017-13846",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13846"
},
{
"cve": "CVE-2017-13851",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13851"
},
{
"cve": "CVE-2017-13854",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-13854"
},
{
"cve": "CVE-2017-3167",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-3167"
},
{
"cve": "CVE-2017-3169",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-3169"
},
{
"cve": "CVE-2017-6451",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6451"
},
{
"cve": "CVE-2017-6452",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6452"
},
{
"cve": "CVE-2017-6455",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6455"
},
{
"cve": "CVE-2017-6458",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6458"
},
{
"cve": "CVE-2017-6459",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6459"
},
{
"cve": "CVE-2017-6460",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6460"
},
{
"cve": "CVE-2017-6462",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6462"
},
{
"cve": "CVE-2017-6463",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6463"
},
{
"cve": "CVE-2017-6464",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-6464"
},
{
"cve": "CVE-2017-7074",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7074"
},
{
"cve": "CVE-2017-7077",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7077"
},
{
"cve": "CVE-2017-7078",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7078"
},
{
"cve": "CVE-2017-7080",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7080"
},
{
"cve": "CVE-2017-7082",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7082"
},
{
"cve": "CVE-2017-7083",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7083"
},
{
"cve": "CVE-2017-7084",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7084"
},
{
"cve": "CVE-2017-7086",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7086"
},
{
"cve": "CVE-2017-7114",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7114"
},
{
"cve": "CVE-2017-7119",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7119"
},
{
"cve": "CVE-2017-7121",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7121"
},
{
"cve": "CVE-2017-7122",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7122"
},
{
"cve": "CVE-2017-7123",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7123"
},
{
"cve": "CVE-2017-7124",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7124"
},
{
"cve": "CVE-2017-7125",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7125"
},
{
"cve": "CVE-2017-7126",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7126"
},
{
"cve": "CVE-2017-7127",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7127"
},
{
"cve": "CVE-2017-7128",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7128"
},
{
"cve": "CVE-2017-7129",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7129"
},
{
"cve": "CVE-2017-7130",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7130"
},
{
"cve": "CVE-2017-7132",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7132"
},
{
"cve": "CVE-2017-7138",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7138"
},
{
"cve": "CVE-2017-7141",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7141"
},
{
"cve": "CVE-2017-7143",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7143"
},
{
"cve": "CVE-2017-7144",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7144"
},
{
"cve": "CVE-2017-7659",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7659"
},
{
"cve": "CVE-2017-7668",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7668"
},
{
"cve": "CVE-2017-7679",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-7679"
},
{
"cve": "CVE-2017-9233",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-9233"
},
{
"cve": "CVE-2017-9788",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-9788"
},
{
"cve": "CVE-2017-9789",
"product_status": {
"known_affected": [
"T010822"
]
},
"release_date": "2017-09-25T22:00:00.000+00:00",
"title": "CVE-2017-9789"
}
]
}
WID-SEC-W-2025-2522
Vulnerability from csaf_certbund - Published: 2016-07-18 22:00 - Updated: 2025-11-10 23:00Summary
Mehrere Webserver: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird.
Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Apache ist ein Webserver für verschiedene Plattformen.
Python ist eine universelle, üblicherweise interpretierte höhere Programmiersprache.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in mehreren Webserver Produkten ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HPE HP-UX
HPE
|
cpe:/o:hp:hp-ux:-
|
— | |
|
EMC VNX1
EMC
|
cpe:/h:emc:vnx:-
|
— | |
|
Apache HTTP Server
Apache
|
cpe:/a:apache:http_server:-
|
— | |
|
Red Hat JBoss Web Server
Red Hat
|
cpe:/a:redhat:jboss_enterprise_web_server:-
|
— | |
|
SUSE Linux Enterprise Server 12 SP1
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:12:sp1
|
12 SP1 | |
|
SUSE Linux Enterprise Desktop 12 SP1
SUSE / Linux Enterprise Desktop
|
cpe:/o:suse:linux_enterprise_desktop:12:sp1
|
12 SP1 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Apache Tomcat
Apache
|
cpe:/a:apache:tomcat:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source PHP
Open Source
|
cpe:/a:php:php:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
TYPO3 Core <8.2.1
TYPO3 / Core
|
<8.2.1 | ||
|
Open Source Python
Open Source
|
cpe:/a:python:python:-
|
— |
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HPE HP-UX
HPE
|
cpe:/o:hp:hp-ux:-
|
— | |
|
EMC VNX1
EMC
|
cpe:/h:emc:vnx:-
|
— | |
|
Apache HTTP Server
Apache
|
cpe:/a:apache:http_server:-
|
— | |
|
Red Hat JBoss Web Server
Red Hat
|
cpe:/a:redhat:jboss_enterprise_web_server:-
|
— | |
|
SUSE Linux Enterprise Server 12 SP1
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:12:sp1
|
12 SP1 | |
|
SUSE Linux Enterprise Desktop 12 SP1
SUSE / Linux Enterprise Desktop
|
cpe:/o:suse:linux_enterprise_desktop:12:sp1
|
12 SP1 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Apache Tomcat
Apache
|
cpe:/a:apache:tomcat:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source PHP
Open Source
|
cpe:/a:php:php:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
TYPO3 Core <8.2.1
TYPO3 / Core
|
<8.2.1 | ||
|
Open Source Python
Open Source
|
cpe:/a:python:python:-
|
— |
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HPE HP-UX
HPE
|
cpe:/o:hp:hp-ux:-
|
— | |
|
EMC VNX1
EMC
|
cpe:/h:emc:vnx:-
|
— | |
|
Apache HTTP Server
Apache
|
cpe:/a:apache:http_server:-
|
— | |
|
Red Hat JBoss Web Server
Red Hat
|
cpe:/a:redhat:jboss_enterprise_web_server:-
|
— | |
|
SUSE Linux Enterprise Server 12 SP1
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:12:sp1
|
12 SP1 | |
|
SUSE Linux Enterprise Desktop 12 SP1
SUSE / Linux Enterprise Desktop
|
cpe:/o:suse:linux_enterprise_desktop:12:sp1
|
12 SP1 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Apache Tomcat
Apache
|
cpe:/a:apache:tomcat:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source PHP
Open Source
|
cpe:/a:php:php:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
TYPO3 Core <8.2.1
TYPO3 / Core
|
<8.2.1 | ||
|
Open Source Python
Open Source
|
cpe:/a:python:python:-
|
— |
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HPE HP-UX
HPE
|
cpe:/o:hp:hp-ux:-
|
— | |
|
EMC VNX1
EMC
|
cpe:/h:emc:vnx:-
|
— | |
|
Apache HTTP Server
Apache
|
cpe:/a:apache:http_server:-
|
— | |
|
Red Hat JBoss Web Server
Red Hat
|
cpe:/a:redhat:jboss_enterprise_web_server:-
|
— | |
|
SUSE Linux Enterprise Server 12 SP1
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:12:sp1
|
12 SP1 | |
|
SUSE Linux Enterprise Desktop 12 SP1
SUSE / Linux Enterprise Desktop
|
cpe:/o:suse:linux_enterprise_desktop:12:sp1
|
12 SP1 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Apache Tomcat
Apache
|
cpe:/a:apache:tomcat:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source PHP
Open Source
|
cpe:/a:php:php:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
TYPO3 Core <8.2.1
TYPO3 / Core
|
<8.2.1 | ||
|
Open Source Python
Open Source
|
cpe:/a:python:python:-
|
— |
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HPE HP-UX
HPE
|
cpe:/o:hp:hp-ux:-
|
— | |
|
EMC VNX1
EMC
|
cpe:/h:emc:vnx:-
|
— | |
|
Apache HTTP Server
Apache
|
cpe:/a:apache:http_server:-
|
— | |
|
Red Hat JBoss Web Server
Red Hat
|
cpe:/a:redhat:jboss_enterprise_web_server:-
|
— | |
|
SUSE Linux Enterprise Server 12 SP1
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:12:sp1
|
12 SP1 | |
|
SUSE Linux Enterprise Desktop 12 SP1
SUSE / Linux Enterprise Desktop
|
cpe:/o:suse:linux_enterprise_desktop:12:sp1
|
12 SP1 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Apache Tomcat
Apache
|
cpe:/a:apache:tomcat:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source PHP
Open Source
|
cpe:/a:php:php:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
TYPO3 Core <8.2.1
TYPO3 / Core
|
<8.2.1 | ||
|
Open Source Python
Open Source
|
cpe:/a:python:python:-
|
— |
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HPE HP-UX
HPE
|
cpe:/o:hp:hp-ux:-
|
— | |
|
EMC VNX1
EMC
|
cpe:/h:emc:vnx:-
|
— | |
|
Apache HTTP Server
Apache
|
cpe:/a:apache:http_server:-
|
— | |
|
Red Hat JBoss Web Server
Red Hat
|
cpe:/a:redhat:jboss_enterprise_web_server:-
|
— | |
|
SUSE Linux Enterprise Server 12 SP1
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:12:sp1
|
12 SP1 | |
|
SUSE Linux Enterprise Desktop 12 SP1
SUSE / Linux Enterprise Desktop
|
cpe:/o:suse:linux_enterprise_desktop:12:sp1
|
12 SP1 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Apache Tomcat
Apache
|
cpe:/a:apache:tomcat:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source PHP
Open Source
|
cpe:/a:php:php:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
TYPO3 Core <8.2.1
TYPO3 / Core
|
<8.2.1 | ||
|
Open Source Python
Open Source
|
cpe:/a:python:python:-
|
— |
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HPE HP-UX
HPE
|
cpe:/o:hp:hp-ux:-
|
— | |
|
EMC VNX1
EMC
|
cpe:/h:emc:vnx:-
|
— | |
|
Apache HTTP Server
Apache
|
cpe:/a:apache:http_server:-
|
— | |
|
Red Hat JBoss Web Server
Red Hat
|
cpe:/a:redhat:jboss_enterprise_web_server:-
|
— | |
|
SUSE Linux Enterprise Server 12 SP1
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:12:sp1
|
12 SP1 | |
|
SUSE Linux Enterprise Desktop 12 SP1
SUSE / Linux Enterprise Desktop
|
cpe:/o:suse:linux_enterprise_desktop:12:sp1
|
12 SP1 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Apache Tomcat
Apache
|
cpe:/a:apache:tomcat:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source PHP
Open Source
|
cpe:/a:php:php:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
TYPO3 Core <8.2.1
TYPO3 / Core
|
<8.2.1 | ||
|
Open Source Python
Open Source
|
cpe:/a:python:python:-
|
— |
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HPE HP-UX
HPE
|
cpe:/o:hp:hp-ux:-
|
— | |
|
EMC VNX1
EMC
|
cpe:/h:emc:vnx:-
|
— | |
|
Apache HTTP Server
Apache
|
cpe:/a:apache:http_server:-
|
— | |
|
Red Hat JBoss Web Server
Red Hat
|
cpe:/a:redhat:jboss_enterprise_web_server:-
|
— | |
|
SUSE Linux Enterprise Server 12 SP1
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:12:sp1
|
12 SP1 | |
|
SUSE Linux Enterprise Desktop 12 SP1
SUSE / Linux Enterprise Desktop
|
cpe:/o:suse:linux_enterprise_desktop:12:sp1
|
12 SP1 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Apache Tomcat
Apache
|
cpe:/a:apache:tomcat:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source PHP
Open Source
|
cpe:/a:php:php:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
TYPO3 Core <8.2.1
TYPO3 / Core
|
<8.2.1 | ||
|
Open Source Python
Open Source
|
cpe:/a:python:python:-
|
— |
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HPE HP-UX
HPE
|
cpe:/o:hp:hp-ux:-
|
— | |
|
EMC VNX1
EMC
|
cpe:/h:emc:vnx:-
|
— | |
|
Apache HTTP Server
Apache
|
cpe:/a:apache:http_server:-
|
— | |
|
Red Hat JBoss Web Server
Red Hat
|
cpe:/a:redhat:jboss_enterprise_web_server:-
|
— | |
|
SUSE Linux Enterprise Server 12 SP1
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:12:sp1
|
12 SP1 | |
|
SUSE Linux Enterprise Desktop 12 SP1
SUSE / Linux Enterprise Desktop
|
cpe:/o:suse:linux_enterprise_desktop:12:sp1
|
12 SP1 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Apache Tomcat
Apache
|
cpe:/a:apache:tomcat:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source PHP
Open Source
|
cpe:/a:php:php:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
TYPO3 Core <8.2.1
TYPO3 / Core
|
<8.2.1 | ||
|
Open Source Python
Open Source
|
cpe:/a:python:python:-
|
— |
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HPE HP-UX
HPE
|
cpe:/o:hp:hp-ux:-
|
— | |
|
EMC VNX1
EMC
|
cpe:/h:emc:vnx:-
|
— | |
|
Apache HTTP Server
Apache
|
cpe:/a:apache:http_server:-
|
— | |
|
Red Hat JBoss Web Server
Red Hat
|
cpe:/a:redhat:jboss_enterprise_web_server:-
|
— | |
|
SUSE Linux Enterprise Server 12 SP1
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:12:sp1
|
12 SP1 | |
|
SUSE Linux Enterprise Desktop 12 SP1
SUSE / Linux Enterprise Desktop
|
cpe:/o:suse:linux_enterprise_desktop:12:sp1
|
12 SP1 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Apache Tomcat
Apache
|
cpe:/a:apache:tomcat:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source PHP
Open Source
|
cpe:/a:php:php:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
TYPO3 Core <8.2.1
TYPO3 / Core
|
<8.2.1 | ||
|
Open Source Python
Open Source
|
cpe:/a:python:python:-
|
— |
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HPE HP-UX
HPE
|
cpe:/o:hp:hp-ux:-
|
— | |
|
EMC VNX1
EMC
|
cpe:/h:emc:vnx:-
|
— | |
|
Apache HTTP Server
Apache
|
cpe:/a:apache:http_server:-
|
— | |
|
Red Hat JBoss Web Server
Red Hat
|
cpe:/a:redhat:jboss_enterprise_web_server:-
|
— | |
|
SUSE Linux Enterprise Server 12 SP1
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:12:sp1
|
12 SP1 | |
|
SUSE Linux Enterprise Desktop 12 SP1
SUSE / Linux Enterprise Desktop
|
cpe:/o:suse:linux_enterprise_desktop:12:sp1
|
12 SP1 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Apache Tomcat
Apache
|
cpe:/a:apache:tomcat:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source PHP
Open Source
|
cpe:/a:php:php:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
TYPO3 Core <8.2.1
TYPO3 / Core
|
<8.2.1 | ||
|
Open Source Python
Open Source
|
cpe:/a:python:python:-
|
— |
References
61 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "PHP ist eine Programmiersprache, die zur Implementierung von Web-Applikationen genutzt wird.\r\nApache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.\r\nApache ist ein Webserver f\u00fcr verschiedene Plattformen.\r\nPython ist eine universelle, \u00fcblicherweise interpretierte h\u00f6here Programmiersprache.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in mehreren Webserver Produkten ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2522 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2025-2522.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2522 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2522"
},
{
"category": "external",
"summary": "Meldung auf httpoxy.org vom 2016-07-18",
"url": "https://httpoxy.org/"
},
{
"category": "external",
"summary": "Cert.org Vulnerability Note VU#797896 vom 2016-07-18",
"url": "http://www.kb.cert.org/vuls/id/797896"
},
{
"category": "external",
"summary": "Microsoft Knowledge Base article #3179800 vom 2016-07-18",
"url": "https://support.microsoft.com/en-us/kb/3179800"
},
{
"category": "external",
"summary": "Meldung auf nginx.com vom 2016-07-18",
"url": "https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/"
},
{
"category": "external",
"summary": "Meldung auf Apache.org vom 2016-07-18",
"url": "https://www.apache.org/security/asf-httpoxy-response.txt"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3038-1 vom 2016-07-18",
"url": "http://www.ubuntu.com/usn/usn-3038-1/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1420 vom 2016-07-18",
"url": "https://access.redhat.com/errata/RHSA-2016:1420"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1421 vom 2016-07-18",
"url": "https://access.redhat.com/errata/RHSA-2016:1421"
},
{
"category": "external",
"summary": "Red Hat Bugzilla #1353755 vom 2016-07-18",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5387"
},
{
"category": "external",
"summary": "Debian Security Tracker CVE-2016-5387 vom 2016-07-18",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-5387"
},
{
"category": "external",
"summary": "Meldung auf der oss-sec Mailliste vom 2016-07-19",
"url": "http://seclists.org/oss-sec/2016/q3/94"
},
{
"category": "external",
"summary": "CentOS Announce CESA-2016:1421 vom 2016-07-18",
"url": "http://permalink.gmane.org/gmane.linux.centos.announce/9976"
},
{
"category": "external",
"summary": "CentOS Announce CESA-2016:1422 vom 2016-07-18",
"url": "http://permalink.gmane.org/gmane.linux.centos.announce/9975"
},
{
"category": "external",
"summary": "Meldung auf der oss-sec Mailliste vom 2016-07-19",
"url": "http://seclists.org/oss-sec/2016/q3/95"
},
{
"category": "external",
"summary": "Typo3 Core Security Advisory typo3-core-sa-2016-019 vom 2016-07-19",
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-019/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-3623-1 vom 2016-07-20",
"url": "https://lists.debian.org/debian-security-announce/2016/msg00201.html"
},
{
"category": "external",
"summary": "SUSE Patch vom 2016-07-20",
"url": "https://download.suse.com/patch/finder/?keywords=a513b952ed04bce0c2391eb2ba3b9f2c"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-3631 vom 2016-07-27",
"url": "https://www.debian.org/security/2016/dsa-3631"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3045-1 vom 2016-08-02",
"url": "http://www.ubuntu.com/usn/usn-3045-1/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1538 vom 2016-08-03",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1538.html"
},
{
"category": "external",
"summary": "Unify Security Advisory Report - OBSO-1607-01 vom 2016-07-27",
"url": "https://networks.unify.com/security/advisories/OBSO-1607-01.pdf"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1609 vom 2016-08-12",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1609.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1610 vom 2016-08-12",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1610.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1611 vom 2016-08-12",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1611.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1612 vom 2016-08-12",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1612.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1613 vom 2016-08-12",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1613.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2090 vom 2016-08-17",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2016-August/002213.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory RHSA-2016-1624",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1624.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory RHSA-2016-1625",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1625.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1630-1 vom 2016-08-18",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1630.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1629-1 vom 2016-08-18",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1629.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1628-1 vom 2016-08-18",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1628.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1627-1 vom 2016-08-18",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1627.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1626-1 vom 2016-08-18",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1626.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2106-1 vom 2016-08-19",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2016-August/002219.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1650-1 vom 2016-08-22",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1650.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1649-1 vom 2016-08-22",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1649.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1648-1 vom 2016-08-22",
"url": "https://rhn.redhat.com/errata/RHSA-2016-1648.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2188-1 vom 2016-09-03",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162188-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2229-1 vom 2016-09-07",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162229-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2270-1 vom 2016-09-10",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162270-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:1978 vom 2016-09-30",
"url": "https://access.redhat.com/errata/RHSA-2016:1978"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2653-1 vom 2016-10-26",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162653-1.html"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBUX03665 vom 2016-11-07",
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2016-2586 vom 2016-11-09",
"url": "http://linux.oracle.com/errata/ELSA-2016-2586.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2016-2598 vom 2016-11-09",
"url": "http://linux.oracle.com/errata/ELSA-2016-2598.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2016:2859-1 vom 2016-11-18",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162859-1.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3134-1 vom 2016-11-23",
"url": "http://www.ubuntu.com/usn/usn-3134-1/"
},
{
"category": "external",
"summary": "Eintrag auf Apache.org",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0114-1 vom 2017-01-12",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170114-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0190-1 vom 2017-01-18",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170190-1.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3177-1 vom 2017-01-23",
"url": "http://www.ubuntu.com/usn/usn-3177-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3177-2 vom 2017-02-02",
"url": "http://www.ubuntu.com/usn/usn-3177-2/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:1632-1 vom 2017-06-21",
"url": "https://lists.opensuse.org/opensuse-security-announce/2017-06/msg00025.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:1660-1 vom 2017-06-24",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171660-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:0273 vom 2018-02-05",
"url": "https://access.redhat.com/errata/RHSA-2018:0273"
},
{
"category": "external",
"summary": "Dell/EMC Knowledge Base Article: 000529947",
"url": "https://support.emc.com/kb/529947"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0223-1 vom 2019-02-01",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190223-1.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15706-1 vom 2025-11-07",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J2YFYRHG3D4WKV5P6XA25CFPNSEBUKHC/"
}
],
"source_lang": "en-US",
"title": "Mehrere Webserver: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2025-11-10T23:00:00.000+00:00",
"generator": {
"date": "2025-11-11T06:37:21.182+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2522",
"initial_release_date": "2016-07-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2016-07-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2016-07-18T22:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-07-18T22:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-07-18T22:00:00.000+00:00",
"number": "4",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-07-19T22:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2016-07-20T22:00:00.000+00:00",
"number": "6",
"summary": "New remediations available"
},
{
"date": "2016-07-20T22:00:00.000+00:00",
"number": "7",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-07-27T22:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2016-07-27T22:00:00.000+00:00",
"number": "9",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-02T22:00:00.000+00:00",
"number": "10",
"summary": "New remediations available"
},
{
"date": "2016-08-02T22:00:00.000+00:00",
"number": "11",
"summary": "New remediations available"
},
{
"date": "2016-08-02T22:00:00.000+00:00",
"number": "12",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-11T22:00:00.000+00:00",
"number": "13",
"summary": "New remediations available"
},
{
"date": "2016-08-11T22:00:00.000+00:00",
"number": "14",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-11T22:00:00.000+00:00",
"number": "15",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-11T22:00:00.000+00:00",
"number": "16",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-11T22:00:00.000+00:00",
"number": "17",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-17T22:00:00.000+00:00",
"number": "18",
"summary": "New remediations available"
},
{
"date": "2016-08-17T22:00:00.000+00:00",
"number": "19",
"summary": "New remediations available"
},
{
"date": "2016-08-17T22:00:00.000+00:00",
"number": "20",
"summary": "New remediations available"
},
{
"date": "2016-08-18T22:00:00.000+00:00",
"number": "21",
"summary": "New remediations available"
},
{
"date": "2016-08-18T22:00:00.000+00:00",
"number": "22",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-21T22:00:00.000+00:00",
"number": "23",
"summary": "New remediations available"
},
{
"date": "2016-08-21T22:00:00.000+00:00",
"number": "24",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-22T22:00:00.000+00:00",
"number": "25",
"summary": "New remediations available"
},
{
"date": "2016-08-22T22:00:00.000+00:00",
"number": "26",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-08-22T22:00:00.000+00:00",
"number": "27",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-09-04T22:00:00.000+00:00",
"number": "28",
"summary": "New remediations available"
},
{
"date": "2016-09-04T22:00:00.000+00:00",
"number": "29",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-09-06T22:00:00.000+00:00",
"number": "30",
"summary": "New remediations available"
},
{
"date": "2016-09-11T22:00:00.000+00:00",
"number": "31",
"summary": "New remediations available"
},
{
"date": "2016-10-03T22:00:00.000+00:00",
"number": "32",
"summary": "New remediations available"
},
{
"date": "2016-10-03T22:00:00.000+00:00",
"number": "33",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-10-03T22:00:00.000+00:00",
"number": "34",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-10-03T22:00:00.000+00:00",
"number": "35",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-10-03T22:00:00.000+00:00",
"number": "36",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-10-03T22:00:00.000+00:00",
"number": "37",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-10-26T22:00:00.000+00:00",
"number": "38",
"summary": "New remediations available"
},
{
"date": "2016-11-06T23:00:00.000+00:00",
"number": "39",
"summary": "New remediations available"
},
{
"date": "2016-11-06T23:00:00.000+00:00",
"number": "40",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-11-09T23:00:00.000+00:00",
"number": "41",
"summary": "New remediations available"
},
{
"date": "2016-11-20T23:00:00.000+00:00",
"number": "42",
"summary": "New remediations available"
},
{
"date": "2016-11-22T23:00:00.000+00:00",
"number": "43",
"summary": "New remediations available"
},
{
"date": "2016-11-22T23:00:00.000+00:00",
"number": "44",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-12-20T23:00:00.000+00:00",
"number": "45",
"summary": "New remediations available"
},
{
"date": "2017-01-12T23:00:00.000+00:00",
"number": "46",
"summary": "New remediations available"
},
{
"date": "2017-01-18T23:00:00.000+00:00",
"number": "47",
"summary": "New remediations available"
},
{
"date": "2017-01-23T23:00:00.000+00:00",
"number": "48",
"summary": "New remediations available"
},
{
"date": "2017-02-02T23:00:00.000+00:00",
"number": "49",
"summary": "New remediations available"
},
{
"date": "2017-06-20T22:00:00.000+00:00",
"number": "50",
"summary": "New remediations available"
},
{
"date": "2017-06-20T22:00:00.000+00:00",
"number": "51",
"summary": "New remediations available"
},
{
"date": "2017-06-20T22:00:00.000+00:00",
"number": "52",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-06-26T22:00:00.000+00:00",
"number": "53",
"summary": "New remediations available"
},
{
"date": "2017-08-07T22:00:00.000+00:00",
"number": "54",
"summary": "Added references"
},
{
"date": "2019-01-30T23:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von EMC aufgenommen"
},
{
"date": "2019-02-03T23:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-04-08T22:00:00.000+00:00",
"number": "57",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-AA7F37CD4D"
},
{
"date": "2025-11-09T23:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-11-10T23:00:00.000+00:00",
"number": "59",
"summary": "Korrektur"
}
],
"status": "final",
"version": "59"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Apache HTTP Server",
"product": {
"name": "Apache HTTP Server",
"product_id": "67869",
"product_identification_helper": {
"cpe": "cpe:/a:apache:http_server:-"
}
}
},
{
"category": "product_name",
"name": "Apache Tomcat",
"product": {
"name": "Apache Tomcat",
"product_id": "643",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:-"
}
}
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC VNX1",
"product": {
"name": "EMC VNX1",
"product_id": "T004667",
"product_identification_helper": {
"cpe": "cpe:/h:emc:vnx:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE HP-UX",
"product": {
"name": "HPE HP-UX",
"product_id": "4871",
"product_identification_helper": {
"cpe": "cpe:/o:hp:hp-ux:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"category": "product_name",
"name": "Open Source PHP",
"product": {
"name": "Open Source PHP",
"product_id": "8746",
"product_identification_helper": {
"cpe": "cpe:/a:php:php:-"
}
}
},
{
"category": "product_name",
"name": "Open Source Python",
"product": {
"name": "Open Source Python",
"product_id": "113051",
"product_identification_helper": {
"cpe": "cpe:/a:python:python:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server",
"product": {
"name": "Red Hat JBoss Web Server",
"product_id": "T003426",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "12 SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP1",
"product_id": "T006804",
"product_identification_helper": {
"cpe": "cpe:/o:suse:linux_enterprise_desktop:12:sp1"
}
}
}
],
"category": "product_name",
"name": "Linux Enterprise Desktop"
},
{
"branches": [
{
"category": "product_version",
"name": "12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "T007836",
"product_identification_helper": {
"cpe": "cpe:/o:suse:linux_enterprise_server:12:sp1"
}
}
}
],
"category": "product_name",
"name": "Linux Enterprise Server"
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.2.1",
"product": {
"name": "TYPO3 Core \u003c8.2.1",
"product_id": "T008046"
}
},
{
"category": "product_version",
"name": "8.2.1",
"product": {
"name": "TYPO3 Core 8.2.1",
"product_id": "T008046-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:typo3:typo3:8.2.1"
}
}
}
],
"category": "product_name",
"name": "Core"
}
],
"category": "vendor",
"name": "TYPO3"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "131442",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1000104",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000104"
},
{
"cve": "CVE-2016-1000105",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000105"
},
{
"cve": "CVE-2016-1000107",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000107"
},
{
"cve": "CVE-2016-1000108",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000108"
},
{
"cve": "CVE-2016-1000109",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000109"
},
{
"cve": "CVE-2016-1000110",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000110"
},
{
"cve": "CVE-2016-1000111",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-1000111"
},
{
"cve": "CVE-2016-5385",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-5385"
},
{
"cve": "CVE-2016-5386",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-5386"
},
{
"cve": "CVE-2016-5387",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-5387"
},
{
"cve": "CVE-2016-5388",
"product_status": {
"known_affected": [
"131442",
"67646",
"4871",
"T004667",
"67869",
"T003426",
"T007836",
"T006804",
"2951",
"T002207",
"643",
"T027843",
"8746",
"1727",
"T008046",
"113051"
]
},
"release_date": "2016-07-18T22:00:00.000+00:00",
"title": "CVE-2016-5388"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…