VAR-201707-0556
Vulnerability from variot - Updated: 2025-12-19 20:20Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. Cosminexus HTTP Server and Hitachi Web Server has a vulnerability (CVE-2016-8743) exists.May have unspecified impact. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
Security Fix(es):
-
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-2161)
-
A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-7056)
-
A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. (CVE-2016-8740)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304. JIRA issues fixed (https://issues.jboss.org/):
JBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-10-31-2 macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan
macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan are now available and address the following:
802.1X Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An attacker may be able to exploit weaknesses in TLS 1.0 Description: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2. CVE-2017-13832: an anonymous researcher
apache Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Multiple issues in Apache Description: Multiple issues were addressed by updating to version 2.4.27. CVE-2016-736 CVE-2016-2161 CVE-2016-5387 CVE-2016-8740 CVE-2016-8743 CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 CVE-2017-9788 CVE-2017-9789
APFS Available for: macOS High Sierra 10.13 Impact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data Description: An issue existed in the handling of DMA. This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation. CVE-2017-13786: an anonymous researcher
APFS Available for: macOS High Sierra 10.13 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13800: Sergej Schumilo of Ruhr-University Bochum
AppleScript Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution Description: A validation issue was addressed with improved input sanitization. CVE-2017-13809: an anonymous researcher
ATS Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved input validation. CVE-2017-13820: John Villamil, Doyensec
Audio Available for: macOS Sierra 10.12.6 Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team
CFString Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13821: Australian Cyber Security Centre a Australian Signals Directorate
CoreText Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-13825: Australian Cyber Security Centre a Australian Signals Directorate
curl Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-1000100: Even Rouault, found by OSS-Fuzz
curl Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-1000101: Brian Carpenter, Yongji Ouyang
Dictionary Widget Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Searching pasted text in the Dictionary widget may lead to compromise of user information Description: A validation issue existed which allowed local file access. This was addressed with input sanitization. CVE-2017-13801: xisigr of Tencent's Xuanwu Lab (tencent.com)
file Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Multiple issues in file Description: Multiple issues were addressed by updating to version 5.31. CVE-2017-13815
Fonts Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Rendering untrusted text may lead to spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-13828: an anonymous researcher
fsck_msdos Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13811: an anonymous researcher
Heimdal Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An attacker in a privileged network position may be able to impersonate a service Description: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation. CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams
HelpViewer Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: A quarantined HTML file may execute arbitrary JavaScript cross-origin Description: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file. CVE-2017-13819: an anonymous researcher
HFS Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum
ImageIO Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-13814: Australian Cyber Security Centre a Australian Signals Directorate
ImageIO Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Processing a maliciously crafted image may lead to a denial of service Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-2017-13831: an anonymous researcher
Kernel Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: A local user may be able to leak sensitive user information Description: A permissions issue existed in kernel packet counters. This issue was addressed through improved permission validation. CVE-2017-13810: an anonymous researcher
Kernel Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2017-13817: Maxime Villard (m00nbsd)
Kernel Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13818: The UK's National Cyber Security Centre (NCSC) CVE-2017-13836: an anonymous researcher, an anonymous researcher CVE-2017-13841: an anonymous researcher CVE-2017-13840: an anonymous researcher CVE-2017-13842: an anonymous researcher CVE-2017-13782: Kevin Backhouse of Semmle Ltd.
Kernel Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13799: an anonymous researcher
Kernel Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13843: an anonymous researcher
Kernel Available for: macOS Sierra 10.12.6 Impact: Processing a malformed mach binary may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved validation. CVE-2017-13834: Maxime Villard (m00nbsd)
libarchive Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-13813: found by OSS-Fuzz CVE-2017-13816: found by OSS-Fuzz
libarchive Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation. CVE-2017-13812: found by OSS-Fuzz
libarchive Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2016-4736: Proteas of Qihoo 360 Nirvan Team
Open Scripting Architecture Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13824: an anonymous researcher
PCRE Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Multiple issues in pcre Description: Multiple issues were addressed by updating to version 8.40. CVE-2017-13846
Postfix Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Multiple issues in Postfix Description: Multiple issues were addressed by updating to version 3.2.2. CVE-2017-13826: an anonymous researcher
Quick Look Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13822: Australian Cyber Security Centre a Australian Signals Directorate
Quick Look Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-7132: Australian Cyber Security Centre a Australian Signals Directorate
QuickTime Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13823: an anonymous researcher
Remote Management Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13808: an anonymous researcher
Sandbox Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13838: an anonymous researcher
StreamingZip Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: A malicious zip file may be able modify restricted areas of the file system Description: A path handling issue was addressed with improved validation. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.
tcpdump Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6 Impact: Multiple issues in tcpdump Description: Multiple issues were addressed by updating to version 4.9.2. CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725
Wi-Fi Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
Installation note:
macOS High Sierra 10.13.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u74pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZL1A// WjcVy4745VcW+I0+qKZta734BUyZNPmQ+Jq5t5wt5tJN87UjQGfxNOtw8/BMC2hy bd9FOtfIPzPvEyjiVJCE2LZPNAIh/DUWzo8XozKHgbjjN4vxodnVwLXQ3rMMXqBI yiQseOurBofRKXyQwi+6nx6DhzvX63d0dsdXHfnpEKYDjPLRWDQOk92d6SxJqtYM tpYWiDJkssYEIS/oTlffOfwSvo2P5qffSEgsKjS4MvXLmG98IEAacEGmszpddeDZ 8SALW7QFrlYQNXi8YY0U9jc9em2aiaLKs0icuCKSxrcnvkB1T/8b23tG/SmnZ6vu yaFKFdMShtnmtMOr2FRg6tvQOn0traIbUMbh+7MDpr7IZIq2Nj5PanqMvQZ3R/tQ wfIN7buS/HACZycceaJu7y5GNjL3u2y3fsNLcMzUADkf5Z1LwcihPuh3563uzlho HcGolNk19S0Q/+ixWYDvJoLEaQmA7PPOdsCIlj8IGJgw42P78iuE+NBhQuttn/35 siLGxUUpWyXlFWoZvbLVM1jk7SUnrCSQWyRTvnh80Gdq+zym5N986uP7+9/GUIZ/ 4e4I5edR85eC1Nfhqbceg4U0wc2/Ox+l9Cah+awIbemt1MtigjT9Hkwd+xUMwTN6 /49TlNfE12+rdM9LB5L7+zgUPbhsQzH/l23fK6mIPAs= =pFCC -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: httpd24-httpd security, bug fix, and enhancement update Advisory ID: RHSA-2017:1161-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:1161 Issue date: 2017-04-26 CVE Names: CVE-2016-0736 CVE-2016-1546 CVE-2016-2161 CVE-2016-8740 CVE-2016-8743 =====================================================================
- Summary:
Updated httpd24 packages are now available as a part of Red Hat Software Collections 2.4 for Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
The httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number of bug fixes and enhancements over the previous version. For detailed changes, see the Red Hat Software Collections 2.4 Release Notes linked from the References section. (BZ#1404778)
Security Fix(es):
-
It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)
-
A denial of service flaw was found in httpd's mod_http2 module. A remote attacker could use this flaw to block server threads for long times, causing starvation of worker threads, by manipulating the flow control windows on streams. (CVE-2016-1546)
-
It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)
-
It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
Note: The fix for the CVE-2016-8743 issue causes httpd to return "400 Bad Request" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive "HttpProtocolOptions Unsafe" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.
-
A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1329639 - error in service httpd24-httpd configtest 1335616 - Backport Apache PR58118 to fix mod_proxy_fcgi spamming non-errors: AH01075: Error dispatching request to : (passing brigade to output filters) 1336350 - CVE-2016-1546 httpd: mod_http2 denial-of-service by thread starvation 1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2 1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto 1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest 1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects 1414037 - mod_proxy_fcgi regression in 2.4.23+ 1432249 - must fail startup with conflicting Listen directives 1433474 - wrong requires of httpd24-httpd and httpd24-httpd-tools
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: httpd24-httpd-2.4.25-9.el6.src.rpm
noarch: httpd24-httpd-manual-2.4.25-9.el6.noarch.rpm
x86_64: httpd24-httpd-2.4.25-9.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el6.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el6.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el6.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el6.x86_64.rpm httpd24-mod_session-2.4.25-9.el6.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: httpd24-httpd-2.4.25-9.el6.src.rpm
noarch: httpd24-httpd-manual-2.4.25-9.el6.noarch.rpm
x86_64: httpd24-httpd-2.4.25-9.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el6.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el6.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el6.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el6.x86_64.rpm httpd24-mod_session-2.4.25-9.el6.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: httpd24-httpd-2.4.25-9.el6.src.rpm
noarch: httpd24-httpd-manual-2.4.25-9.el6.noarch.rpm
x86_64: httpd24-httpd-2.4.25-9.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el6.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el6.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el6.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el6.x86_64.rpm httpd24-mod_session-2.4.25-9.el6.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.25-9.el7.src.rpm
noarch: httpd24-httpd-manual-2.4.25-9.el7.noarch.rpm
x86_64: httpd24-httpd-2.4.25-9.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el7.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el7.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el7.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el7.x86_64.rpm httpd24-mod_session-2.4.25-9.el7.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: httpd24-httpd-2.4.25-9.el7.src.rpm
noarch: httpd24-httpd-manual-2.4.25-9.el7.noarch.rpm
x86_64: httpd24-httpd-2.4.25-9.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el7.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el7.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el7.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el7.x86_64.rpm httpd24-mod_session-2.4.25-9.el7.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd24-httpd-2.4.25-9.el7.src.rpm
noarch: httpd24-httpd-manual-2.4.25-9.el7.noarch.rpm
x86_64: httpd24-httpd-2.4.25-9.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.25-9.el7.x86_64.rpm httpd24-httpd-devel-2.4.25-9.el7.x86_64.rpm httpd24-httpd-tools-2.4.25-9.el7.x86_64.rpm httpd24-mod_ldap-2.4.25-9.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.25-9.el7.x86_64.rpm httpd24-mod_session-2.4.25-9.el7.x86_64.rpm httpd24-mod_ssl-2.4.25-9.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0736 https://access.redhat.com/security/cve/CVE-2016-1546 https://access.redhat.com/security/cve/CVE-2016-2161 https://access.redhat.com/security/cve/CVE-2016-8740 https://access.redhat.com/security/cve/CVE-2016-8743 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Software_Collections/2/html/2.4_Release_Notes/chap-RHSCL.html#sect-RHSCL-Changes-httpd
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZAJq1XlSAg2UNWIIRAlGKAJ9zNHkvJQ9/I+imHbgRwjelvV9xKgCeLyYO SjFZr+hN7gjeQOgcC0kswCY= =m+ZH -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbux03725en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbux03725en_us Version: 1
HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-03-29 Last Updated: 2017-03-29
Potential Security Impact: Remote: Denial of Service (DoS), Unauthorized Read Access to Data
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3.
- HP-UX Apache-based Web Server B.11.31 - httpd prior to B.2.4.18.02
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-0736
0.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-2161
0.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-2183
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-2016-8740
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-8743
0.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following software updates to resolve the vulnerabilities with HP-UX Web Server Suite running Apache.
Apache 2.4.18.02 for HP-UX Release B.11.31 (PA and IA):
- 32 bit Depot: HP-UX 11.31(HPUXWS24ATW-B503-11-31-64.depot)
- 64 bit Depot: HP-UX 11.31(HPUXWS24ATW-B503-11-31-32.depot)
Note: The depot files can be found here: https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=HPUXWSATW503
MANUAL ACTIONS: Yes - Update Download and install the software update
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HPE and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=B6834AA
AFFECTED VERSIONS
HP-UX B.11.31 IA/PA
===================
hpuxws24APACHE.APACHE
hpuxws24APACHE.APACHE2
hpuxws24APACHE.AUTH_LDAP
hpuxws24APACHE.AUTH_LDAP2
hpuxws24APACHE.MOD_JK
hpuxws24APACHE.MOD_JK2
hpuxws24APACHE.MOD_PERL
hpuxws24APACHE.MOD_PERL2
hpuxws24APACHE.WEBPROXY
hpuxws24APACHE.WEBPROXY2
action: install B.2.4.18.02 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 29 March 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ========================================================================== Ubuntu Security Notice USN-3279-1 May 09, 2017
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Apache HTTP Server.
Software Description: - apache2: Apache HTTP server
Details:
It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. (CVE-2016-0736)
Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A new configuration option "HttpProtocolOptions Unsafe" can be used to revert to the previous unsafe behaviour in problematic environments. (CVE-2016-8743)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: apache2-bin 2.4.18-2ubuntu4.1
Ubuntu 16.04 LTS: apache2-bin 2.4.18-2ubuntu3.2
Ubuntu 14.04 LTS: apache2-bin 2.4.7-1ubuntu4.14
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0556",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.31"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.23"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.1"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "oncommand unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "webotx",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "hitachi it operations director",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/integrated management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/service support",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "istorage",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/operations analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/it desktop management - manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/it desktop management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus primary server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "simpwright",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "spoolserver\u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "job management partner 1/it desktop management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus http server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "mailshooter",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "csview",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "job management partner 1/performance management - web console",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/automatic job management system 3",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi application server for developers",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "job management partner 1/it desktop management - manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "job management partner 1/integrated management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/automatic operation",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/performance management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi web server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.9"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.16"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.6"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.17"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.10"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.12"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.7"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.18"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.20"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.23"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10.186"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.20"
},
{
"model": "enterprise linux computenode optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15-210"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.6"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.32"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.29"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.25"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.9.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5.146"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.16"
},
{
"model": "jboss core services on rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "60"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.5"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.12"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2"
},
{
"model": "security update el capitan",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2017-0010"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.9"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.5"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.11"
},
{
"model": "enterprise linux client optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.16"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.7"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.2.127"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2.106"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.12"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8.179"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.8"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.17"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.14.20"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.21"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.20"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.22"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.13"
},
{
"model": "jboss core services on rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "70"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.8"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.11"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.24"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.12"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6.156"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.10"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.23"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.18"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.9"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.23"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.19"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.14"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.6"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.14"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.24"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.17"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.0.121"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.7"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.26"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.18"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.7"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4.143"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.15210"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.3"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.13"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.19"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"model": "security update yosemite",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2017-0010"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1.3.132"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.13"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.25"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.15"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.10"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0.1.104"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.6"
}
],
"sources": [
{
"db": "BID",
"id": "95077"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008607"
},
{
"db": "NVD",
"id": "CVE-2016-8743"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Dennerline at IBM Security\u0027s X-Force Researchers as well as Regis Leroy",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-648"
}
],
"trust": 0.6
},
"cve": "CVE-2016-8743",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8743",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "VENDOR",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-008607",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8743",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "VENDOR",
"availabilityImpact": "None",
"baseScore": 4.0,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-008607",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8743",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VENDOR",
"id": "JVNDB-2016-008607",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-648",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-8743",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8743"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008607"
},
{
"db": "NVD",
"id": "CVE-2016-8743"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. Cosminexus HTTP Server and Hitachi Web Server has a vulnerability (CVE-2016-8743) exists.May have unspecified impact. \nSuccessfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status\nrequest extension data during session renegotiation. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. (CVE-2016-2161)\n\n* A timing attack flaw was found in OpenSSL that could allow a malicious\nuser with local access to recover ECDSA P-256 private keys. (CVE-2016-7056)\n\n* A denial of service flaw was found in the way the TLS/SSL protocol\ndefined processing of ALERT packets during a connection handshake. (CVE-2016-8740)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. \nUpstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original\nreporter of CVE-2016-6304. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-10-31-2 macOS High Sierra 10.13.1,\nSecurity Update 2017-001 Sierra, Security Update 2017-004 El Capitan\n\nmacOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security\nUpdate 2017-004 El Capitan are now available and address the\nfollowing:\n\n802.1X\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\nDescription: A protocol security issue was addressed by enabling TLS\n1.1 and TLS 1.2. \nCVE-2017-13832: an anonymous researcher\n\napache\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Multiple issues in Apache\nDescription: Multiple issues were addressed by updating to version\n2.4.27. \nCVE-2016-736\nCVE-2016-2161\nCVE-2016-5387\nCVE-2016-8740\nCVE-2016-8743\nCVE-2017-3167\nCVE-2017-3169\nCVE-2017-7659\nCVE-2017-7668\nCVE-2017-7679\nCVE-2017-9788\nCVE-2017-9789\n\nAPFS\nAvailable for: macOS High Sierra 10.13\nImpact: A malicious Thunderbolt adapter may be able to recover\nunencrypted APFS filesystem data\nDescription: An issue existed in the handling of DMA. This issue was\naddressed by limiting the time the FileVault decryption buffers are\nDMA mapped to the duration of the I/O operation. \nCVE-2017-13786: an anonymous researcher\n\nAPFS\nAvailable for: macOS High Sierra 10.13\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13800: Sergej Schumilo of Ruhr-University Bochum\n\nAppleScript\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Decompiling an AppleScript with osadecompile may lead to\narbitrary code execution\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13809: an anonymous researcher\n\nATS\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2017-13820: John Villamil, Doyensec\n\nAudio\nAvailable for: macOS Sierra 10.12.6\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\nCFString\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13821: Australian Cyber Security Centre a Australian Signals\nDirectorate\n\nCoreText\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-13825: Australian Cyber Security Centre a Australian Signals\nDirectorate\n\ncurl\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El\nCapitan 10.11.6\nImpact: Uploading using TFTP to a maliciously crafted URL with\nlibcurl may disclose application memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2017-1000100: Even Rouault, found by OSS-Fuzz\n\ncurl\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El\nCapitan 10.11.6\nImpact: Processing a maliciously crafted URL with libcurl may cause\nunexpected application termination or read process memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2017-1000101: Brian Carpenter, Yongji Ouyang\n\nDictionary Widget\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El\nCapitan 10.11.6\nImpact: Searching pasted text in the Dictionary widget may lead to\ncompromise of user information\nDescription: A validation issue existed which allowed local file\naccess. This was addressed with input sanitization. \nCVE-2017-13801: xisigr of Tencent\u0027s Xuanwu Lab (tencent.com)\n\nfile\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Multiple issues in file\nDescription: Multiple issues were addressed by updating to version\n5.31. \nCVE-2017-13815\n\nFonts\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Rendering untrusted text may lead to spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-13828: an anonymous researcher\n\nfsck_msdos\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13811: an anonymous researcher\n\nHeimdal\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: An attacker in a privileged network position may be able\nto impersonate a service\nDescription: A validation issue existed in the handling of\nthe KDC-REP service name. This issue was addressed through improved\nvalidation. \nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\nHelpViewer\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: A quarantined HTML file may execute arbitrary JavaScript\ncross-origin\nDescription: A cross-site scripting issue existed in HelpViewer. This\nissue was addressed by removing the affected file. \nCVE-2017-13819: an anonymous researcher\n\nHFS\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\nImageIO\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-13814: Australian Cyber Security Centre a Australian Signals\nDirectorate\n\nImageIO\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: An information disclosure issue existed in the\nprocessing of disk images. This issue was addressed through improved\nmemory management. \nCVE-2017-13831: an anonymous researcher\n\nKernel\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: A local user may be able to leak sensitive user information\nDescription: A permissions issue existed in kernel packet counters. \nThis issue was addressed through improved permission validation. \nCVE-2017-13810: an anonymous researcher\n\nKernel\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2017-13817: Maxime Villard (m00nbsd)\n\nKernel\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13818: The UK\u0027s National Cyber Security Centre (NCSC)\nCVE-2017-13836: an anonymous researcher, an anonymous researcher\nCVE-2017-13841: an anonymous researcher\nCVE-2017-13840: an anonymous researcher\nCVE-2017-13842: an anonymous researcher\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd. \n\nKernel\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13799: an anonymous researcher\n\nKernel\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13843: an anonymous researcher\n\nKernel\nAvailable for: macOS Sierra 10.12.6\nImpact: Processing a malformed mach binary may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed through improved\nvalidation. \nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nlibarchive\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-13813: found by OSS-Fuzz\nCVE-2017-13816: found by OSS-Fuzz\n\nlibarchive\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed through improved input validation. \nCVE-2017-13812: found by OSS-Fuzz\n\nlibarchive\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2016-4736: Proteas of Qihoo 360 Nirvan Team\n\nOpen Scripting Architecture\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Decompiling an AppleScript with osadecompile may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13824: an anonymous researcher\n\nPCRE\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Multiple issues in pcre\nDescription: Multiple issues were addressed by updating to version\n8.40. \nCVE-2017-13846\n\nPostfix\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Multiple issues in Postfix\nDescription: Multiple issues were addressed by updating to version\n3.2.2. \nCVE-2017-13826: an anonymous researcher\n\nQuick Look\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13822: Australian Cyber Security Centre a Australian Signals\nDirectorate\n\nQuick Look\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: Parsing a maliciously crafted office document may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-7132: Australian Cyber Security Centre a Australian Signals\nDirectorate\n\nQuickTime\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13823: an anonymous researcher\n\nRemote Management\nAvailable for: macOS Sierra 10.12.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13808: an anonymous researcher\n\nSandbox\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13838: an anonymous researcher\n\nStreamingZip\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El\nCapitan 10.11.6\nImpact: A malicious zip file may be able modify restricted areas of\nthe file system\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. \n\ntcpdump\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\nImpact: Multiple issues in tcpdump\nDescription: Multiple issues were addressed by updating to version\n4.9.2. \nCVE-2017-11108\nCVE-2017-11541\nCVE-2017-11542\nCVE-2017-11543\nCVE-2017-12893\nCVE-2017-12894\nCVE-2017-12895\nCVE-2017-12896\nCVE-2017-12897\nCVE-2017-12898\nCVE-2017-12899\nCVE-2017-12900\nCVE-2017-12901\nCVE-2017-12902\nCVE-2017-12985\nCVE-2017-12986\nCVE-2017-12987\nCVE-2017-12988\nCVE-2017-12989\nCVE-2017-12990\nCVE-2017-12991\nCVE-2017-12992\nCVE-2017-12993\nCVE-2017-12994\nCVE-2017-12995\nCVE-2017-12996\nCVE-2017-12997\nCVE-2017-12998\nCVE-2017-12999\nCVE-2017-13000\nCVE-2017-13001\nCVE-2017-13002\nCVE-2017-13003\nCVE-2017-13004\nCVE-2017-13005\nCVE-2017-13006\nCVE-2017-13007\nCVE-2017-13008\nCVE-2017-13009\nCVE-2017-13010\nCVE-2017-13011\nCVE-2017-13012\nCVE-2017-13013\nCVE-2017-13014\nCVE-2017-13015\nCVE-2017-13016\nCVE-2017-13017\nCVE-2017-13018\nCVE-2017-13019\nCVE-2017-13020\nCVE-2017-13021\nCVE-2017-13022\nCVE-2017-13023\nCVE-2017-13024\nCVE-2017-13025\nCVE-2017-13026\nCVE-2017-13027\nCVE-2017-13028\nCVE-2017-13029\nCVE-2017-13030\nCVE-2017-13031\nCVE-2017-13032\nCVE-2017-13033\nCVE-2017-13034\nCVE-2017-13035\nCVE-2017-13036\nCVE-2017-13037\nCVE-2017-13038\nCVE-2017-13039\nCVE-2017-13040\nCVE-2017-13041\nCVE-2017-13042\nCVE-2017-13043\nCVE-2017-13044\nCVE-2017-13045\nCVE-2017-13046\nCVE-2017-13047\nCVE-2017-13048\nCVE-2017-13049\nCVE-2017-13050\nCVE-2017-13051\nCVE-2017-13052\nCVE-2017-13053\nCVE-2017-13054\nCVE-2017-13055\nCVE-2017-13687\nCVE-2017-13688\nCVE-2017-13689\nCVE-2017-13690\nCVE-2017-13725\n\nWi-Fi\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El\nCapitan 10.11.6\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA\nclients (Key Reinstallation Attacks - KRACK)\nDescription: A logic issue existed in the handling of state\ntransitions. This was addressed with improved state management. \nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nInstallation note:\n\nmacOS High Sierra 10.13.1 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u74pHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZL1A//\nWjcVy4745VcW+I0+qKZta734BUyZNPmQ+Jq5t5wt5tJN87UjQGfxNOtw8/BMC2hy\nbd9FOtfIPzPvEyjiVJCE2LZPNAIh/DUWzo8XozKHgbjjN4vxodnVwLXQ3rMMXqBI\nyiQseOurBofRKXyQwi+6nx6DhzvX63d0dsdXHfnpEKYDjPLRWDQOk92d6SxJqtYM\ntpYWiDJkssYEIS/oTlffOfwSvo2P5qffSEgsKjS4MvXLmG98IEAacEGmszpddeDZ\n8SALW7QFrlYQNXi8YY0U9jc9em2aiaLKs0icuCKSxrcnvkB1T/8b23tG/SmnZ6vu\nyaFKFdMShtnmtMOr2FRg6tvQOn0traIbUMbh+7MDpr7IZIq2Nj5PanqMvQZ3R/tQ\nwfIN7buS/HACZycceaJu7y5GNjL3u2y3fsNLcMzUADkf5Z1LwcihPuh3563uzlho\nHcGolNk19S0Q/+ixWYDvJoLEaQmA7PPOdsCIlj8IGJgw42P78iuE+NBhQuttn/35\nsiLGxUUpWyXlFWoZvbLVM1jk7SUnrCSQWyRTvnh80Gdq+zym5N986uP7+9/GUIZ/\n4e4I5edR85eC1Nfhqbceg4U0wc2/Ox+l9Cah+awIbemt1MtigjT9Hkwd+xUMwTN6\n/49TlNfE12+rdM9LB5L7+zgUPbhsQzH/l23fK6mIPAs=\n=pFCC\n-----END PGP SIGNATURE-----\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: httpd24-httpd security, bug fix, and enhancement update\nAdvisory ID: RHSA-2017:1161-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:1161\nIssue date: 2017-04-26\nCVE Names: CVE-2016-0736 CVE-2016-1546 CVE-2016-2161 \n CVE-2016-8740 CVE-2016-8743 \n=====================================================================\n\n1. Summary:\n\nUpdated httpd24 packages are now available as a part of Red Hat Software\nCollections 2.4 for Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. \n\nThe httpd24 Software Collection has been upgraded to version 2.4.25, which\nprovides a number of bug fixes and enhancements over the previous version. \nFor detailed changes, see the Red Hat Software Collections 2.4 Release\nNotes linked from the References section. (BZ#1404778)\n\nSecurity Fix(es):\n\n* It was discovered that the mod_session_crypto module of httpd did not use\nany mechanisms to verify integrity of the encrypted session data stored in\nthe user\u0027s browser. A remote attacker could use this flaw to decrypt and\nmodify session data using a padding oracle attack. (CVE-2016-0736)\n\n* A denial of service flaw was found in httpd\u0027s mod_http2 module. A remote\nattacker could use this flaw to block server threads for long times,\ncausing starvation of worker threads, by manipulating the flow control\nwindows on streams. (CVE-2016-1546)\n\n* It was discovered that the mod_auth_digest module of httpd did not\nproperly check for memory allocation failures. A remote attacker could use\nthis flaw to cause httpd child processes to repeatedly crash if the server\nused HTTP digest authentication. (CVE-2016-2161)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in conjunction\nwith a proxy or backend server that interpreted those characters\ndifferently, a remote attacker could possibly use this flaw to inject data\ninto HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return \"400 Bad\nRequest\" error to HTTP clients which do not strictly follow HTTP protocol\nspecification. A newly introduced configuration directive\n\"HttpProtocolOptions Unsafe\" can be used to re-enable the old less strict\nparsing. However, such setting also re-introduces the CVE-2016-8743 issue. \n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields\ndirective in mod_http2, affecting servers with HTTP/2 enabled. An attacker\ncould send crafted requests with headers larger than the server\u0027s available\nmemory, causing httpd to crash. (CVE-2016-8740)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1329639 - error in service httpd24-httpd configtest\n1335616 - Backport Apache PR58118 to fix mod_proxy_fcgi spamming non-errors: AH01075: Error dispatching request to : (passing brigade to output filters)\n1336350 - CVE-2016-1546 httpd: mod_http2 denial-of-service by thread starvation\n1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2\n1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto\n1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest\n1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects\n1414037 - mod_proxy_fcgi regression in 2.4.23+\n1432249 - must fail startup with conflicting Listen directives\n1433474 - wrong requires of httpd24-httpd and httpd24-httpd-tools\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd24-httpd-2.4.25-9.el6.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.25-9.el6.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.25-9.el6.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.25-9.el6.x86_64.rpm\nhttpd24-httpd-devel-2.4.25-9.el6.x86_64.rpm\nhttpd24-httpd-tools-2.4.25-9.el6.x86_64.rpm\nhttpd24-mod_ldap-2.4.25-9.el6.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.25-9.el6.x86_64.rpm\nhttpd24-mod_session-2.4.25-9.el6.x86_64.rpm\nhttpd24-mod_ssl-2.4.25-9.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nhttpd24-httpd-2.4.25-9.el6.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.25-9.el6.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.25-9.el6.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.25-9.el6.x86_64.rpm\nhttpd24-httpd-devel-2.4.25-9.el6.x86_64.rpm\nhttpd24-httpd-tools-2.4.25-9.el6.x86_64.rpm\nhttpd24-mod_ldap-2.4.25-9.el6.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.25-9.el6.x86_64.rpm\nhttpd24-mod_session-2.4.25-9.el6.x86_64.rpm\nhttpd24-mod_ssl-2.4.25-9.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd24-httpd-2.4.25-9.el6.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.25-9.el6.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.25-9.el6.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.25-9.el6.x86_64.rpm\nhttpd24-httpd-devel-2.4.25-9.el6.x86_64.rpm\nhttpd24-httpd-tools-2.4.25-9.el6.x86_64.rpm\nhttpd24-mod_ldap-2.4.25-9.el6.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.25-9.el6.x86_64.rpm\nhttpd24-mod_session-2.4.25-9.el6.x86_64.rpm\nhttpd24-mod_ssl-2.4.25-9.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.25-9.el7.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.25-9.el7.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.25-9.el7.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.25-9.el7.x86_64.rpm\nhttpd24-httpd-devel-2.4.25-9.el7.x86_64.rpm\nhttpd24-httpd-tools-2.4.25-9.el7.x86_64.rpm\nhttpd24-mod_ldap-2.4.25-9.el7.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.25-9.el7.x86_64.rpm\nhttpd24-mod_session-2.4.25-9.el7.x86_64.rpm\nhttpd24-mod_ssl-2.4.25-9.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nhttpd24-httpd-2.4.25-9.el7.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.25-9.el7.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.25-9.el7.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.25-9.el7.x86_64.rpm\nhttpd24-httpd-devel-2.4.25-9.el7.x86_64.rpm\nhttpd24-httpd-tools-2.4.25-9.el7.x86_64.rpm\nhttpd24-mod_ldap-2.4.25-9.el7.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.25-9.el7.x86_64.rpm\nhttpd24-mod_session-2.4.25-9.el7.x86_64.rpm\nhttpd24-mod_ssl-2.4.25-9.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.25-9.el7.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.25-9.el7.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.25-9.el7.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.25-9.el7.x86_64.rpm\nhttpd24-httpd-devel-2.4.25-9.el7.x86_64.rpm\nhttpd24-httpd-tools-2.4.25-9.el7.x86_64.rpm\nhttpd24-mod_ldap-2.4.25-9.el7.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.25-9.el7.x86_64.rpm\nhttpd24-mod_session-2.4.25-9.el7.x86_64.rpm\nhttpd24-mod_ssl-2.4.25-9.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0736\nhttps://access.redhat.com/security/cve/CVE-2016-1546\nhttps://access.redhat.com/security/cve/CVE-2016-2161\nhttps://access.redhat.com/security/cve/CVE-2016-8740\nhttps://access.redhat.com/security/cve/CVE-2016-8743\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Software_Collections/2/html/2.4_Release_Notes/chap-RHSCL.html#sect-RHSCL-Changes-httpd\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZAJq1XlSAg2UNWIIRAlGKAJ9zNHkvJQ9/I+imHbgRwjelvV9xKgCeLyYO\nSjFZr+hN7gjeQOgcC0kswCY=\n=m+ZH\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbux03725en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbux03725en_us\nVersion: 1\n\nHPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple\nVulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-03-29\nLast Updated: 2017-03-29\n\nPotential Security Impact: Remote: Denial of Service (DoS), Unauthorized Read\nAccess to Data\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Web Server\nSuite running Apache on HP-UX 11iv3. \n\n - HP-UX Apache-based Web Server B.11.31 - httpd prior to B.2.4.18.02\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-0736\n 0.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N\n 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2016-2161\n 0.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N\n 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2016-2183\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n CVE-2016-8740\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-8743\n 0.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N\n 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following software updates to resolve the\nvulnerabilities with HP-UX Web Server Suite running Apache. \n\nApache 2.4.18.02 for HP-UX Release B.11.31 (PA and IA):\n\n * 32 bit Depot: HP-UX 11.31(HPUXWS24ATW-B503-11-31-64.depot)\n * 64 bit Depot: HP-UX 11.31(HPUXWS24ATW-B503-11-31-32.depot)\n\n**Note:** The depot files can be found here:\n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=HPUXWSATW503\u003e\n\nMANUAL ACTIONS: Yes - Update \nDownload and install the software update \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\n\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins \nissued by HPE and lists recommended actions that may apply to a specific\nHP-UX \nsystem. It can also download patches and create a depot automatically. For\nmore information see: \n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=B6834AA\u003e\n\n AFFECTED VERSIONS \n\n\n HP-UX B.11.31 IA/PA\n ===================\n\n hpuxws24APACHE.APACHE\n hpuxws24APACHE.APACHE2\n hpuxws24APACHE.AUTH_LDAP\n hpuxws24APACHE.AUTH_LDAP2\n hpuxws24APACHE.MOD_JK\n hpuxws24APACHE.MOD_JK2\n hpuxws24APACHE.MOD_PERL\n hpuxws24APACHE.MOD_PERL2\n hpuxws24APACHE.WEBPROXY\n hpuxws24APACHE.WEBPROXY2\n\n action: install B.2.4.18.02 or subsequent\n\n END AFFECTED VERSIONS\n\n\nHISTORY\nVersion:1 (rev.1) - 29 March 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. ==========================================================================\nUbuntu Security Notice USN-3279-1\nMay 09, 2017\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. \n\nSoftware Description:\n- apache2: Apache HTTP server\n\nDetails:\n\nIt was discovered that the Apache mod_session_crypto module was encrypting\ndata and cookies using either CBC or ECB modes. (CVE-2016-0736)\n\nMaksim Malyutin discovered that the Apache mod_auth_digest module\nincorrectly handled malicious input. A new configuration option \"HttpProtocolOptions Unsafe\" can\nbe used to revert to the previous unsafe behaviour in problematic\nenvironments. (CVE-2016-8743)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.10:\n apache2-bin 2.4.18-2ubuntu4.1\n\nUbuntu 16.04 LTS:\n apache2-bin 2.4.18-2ubuntu3.2\n\nUbuntu 14.04 LTS:\n apache2-bin 2.4.7-1ubuntu4.14\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8743"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008607"
},
{
"db": "BID",
"id": "95077"
},
{
"db": "VULMON",
"id": "CVE-2016-8743"
},
{
"db": "PACKETSTORM",
"id": "142848"
},
{
"db": "PACKETSTORM",
"id": "142847"
},
{
"db": "PACKETSTORM",
"id": "142849"
},
{
"db": "PACKETSTORM",
"id": "144827"
},
{
"db": "PACKETSTORM",
"id": "142326"
},
{
"db": "PACKETSTORM",
"id": "141862"
},
{
"db": "PACKETSTORM",
"id": "142434"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8743",
"trust": 4.3
},
{
"db": "BID",
"id": "95077",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1037508",
"trust": 1.6
},
{
"db": "TENABLE",
"id": "TNS-2017-04",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU99304449",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008607",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4748",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1415",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201612-648",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-8743",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142848",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142847",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142849",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144827",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142326",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141862",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142434",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8743"
},
{
"db": "BID",
"id": "95077"
},
{
"db": "PACKETSTORM",
"id": "142848"
},
{
"db": "PACKETSTORM",
"id": "142847"
},
{
"db": "PACKETSTORM",
"id": "142849"
},
{
"db": "PACKETSTORM",
"id": "144827"
},
{
"db": "PACKETSTORM",
"id": "142326"
},
{
"db": "PACKETSTORM",
"id": "141862"
},
{
"db": "PACKETSTORM",
"id": "142434"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008607"
},
{
"db": "NVD",
"id": "CVE-2016-8743"
}
]
},
"id": "VAR-201707-0556",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.206875005
},
"last_update_date": "2025-12-19T20:20:00.735000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2018-103",
"trust": 0.8,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743"
},
{
"title": "Apache httpd Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66668"
},
{
"title": "Red Hat: Moderate: httpd security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171721 - Security Advisory"
},
{
"title": "Red Hat: Moderate: httpd security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170906 - Security Advisory"
},
{
"title": "Red Hat: Moderate: httpd24-httpd security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171161 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171414 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171415 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171413 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2017-851",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-851"
},
{
"title": "Debian Security Advisories: DSA-3796-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0cabff5d756c97f9d71c1cafff6a8acc"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3279-1"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3373-1"
},
{
"title": "Debian CVElist Bug Report Logs: apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d7fc65c11d6c61493afd8cf310064550"
},
{
"title": "Amazon Linux AMI: ALAS-2017-785",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-785"
},
{
"title": "Amazon Linux AMI: ALAS-2017-863",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-863"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a2bac27fb002bed513645d4775c7275b"
},
{
"title": "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=38227211accce022b0a3d9b56a974186"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=549dc795290b298746065b62b4bb7928"
},
{
"title": "Tenable Security Advisories: [R5] SecurityCenter 5.4.3 Fixes Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2017-04"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=d78b3379ca364568964f30138964c7e7"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-8743 "
},
{
"title": "DC-3-Vulnhub-Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough "
},
{
"title": "DC-2-Vulnhub-Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough "
},
{
"title": "Basic-Pentesting-2-Vulnhub-Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/bioly230/THM_Skynet "
},
{
"title": "Basic-Pentesting-2",
"trust": 0.1,
"url": "https://github.com/vshaliii/Basic-Pentesting-2 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/NikulinMS/13-01-hw "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8743"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008607"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Data processing (CWE-19) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008607"
},
{
"db": "NVD",
"id": "CVE-2016-8743"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:1413"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2017-1415.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:1414"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:1161"
},
{
"trust": 1.6,
"url": "https://support.apple.com/ht208221"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2017/dsa-3796"
},
{
"trust": 1.6,
"url": "https://access.redhat.com/errata/rhsa-2017:0906"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbmu03753en_us"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/95077"
},
{
"trust": 1.6,
"url": "https://security.gentoo.org/glsa/201701-36"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1037508"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20180423-0001/"
},
{
"trust": 1.6,
"url": "https://access.redhat.com/errata/rhsa-2017:1721"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03725en_us"
},
{
"trust": 1.6,
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8743"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#cve-2016-8743"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99304449/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4975"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2161"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8740"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0736"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html#cve-2016-8743"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890@%3ccvs."
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10715641"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4748/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79678"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1138588"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-8740"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-0736"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-8743"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-2161"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.3,
"url": "http://www.apache.org"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbmu03753en_us"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2017-3832368.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-8610"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-6304"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-7056"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.23"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12896"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12895"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12986"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000100"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1298"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11103"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12894"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12985"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000101"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12987"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_software_collections/2/html/2.4_release_notes/chap-rhscl.html#sect-rhscl-changes-httpd"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbux03725en_us"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu4.1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3279-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.14"
}
],
"sources": [
{
"db": "BID",
"id": "95077"
},
{
"db": "PACKETSTORM",
"id": "142848"
},
{
"db": "PACKETSTORM",
"id": "142847"
},
{
"db": "PACKETSTORM",
"id": "142849"
},
{
"db": "PACKETSTORM",
"id": "144827"
},
{
"db": "PACKETSTORM",
"id": "142326"
},
{
"db": "PACKETSTORM",
"id": "141862"
},
{
"db": "PACKETSTORM",
"id": "142434"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008607"
},
{
"db": "NVD",
"id": "CVE-2016-8743"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-8743"
},
{
"db": "BID",
"id": "95077"
},
{
"db": "PACKETSTORM",
"id": "142848"
},
{
"db": "PACKETSTORM",
"id": "142847"
},
{
"db": "PACKETSTORM",
"id": "142849"
},
{
"db": "PACKETSTORM",
"id": "144827"
},
{
"db": "PACKETSTORM",
"id": "142326"
},
{
"db": "PACKETSTORM",
"id": "141862"
},
{
"db": "PACKETSTORM",
"id": "142434"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008607"
},
{
"db": "NVD",
"id": "CVE-2016-8743"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-27T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8743"
},
{
"date": "2016-12-20T00:00:00",
"db": "BID",
"id": "95077"
},
{
"date": "2017-06-07T22:47:57",
"db": "PACKETSTORM",
"id": "142848"
},
{
"date": "2017-06-07T22:47:43",
"db": "PACKETSTORM",
"id": "142847"
},
{
"date": "2017-06-07T22:48:07",
"db": "PACKETSTORM",
"id": "142849"
},
{
"date": "2017-11-01T15:41:26",
"db": "PACKETSTORM",
"id": "144827"
},
{
"date": "2017-04-26T16:05:26",
"db": "PACKETSTORM",
"id": "142326"
},
{
"date": "2017-03-30T16:04:18",
"db": "PACKETSTORM",
"id": "141862"
},
{
"date": "2017-05-09T22:22:00",
"db": "PACKETSTORM",
"id": "142434"
},
{
"date": "2016-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-648"
},
{
"date": "2017-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008607"
},
{
"date": "2017-07-27T21:29:00.287000",
"db": "NVD",
"id": "CVE-2016-8743"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8743"
},
{
"date": "2017-09-27T18:00:00",
"db": "BID",
"id": "95077"
},
{
"date": "2022-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-648"
},
{
"date": "2023-06-29T00:58:00",
"db": "JVNDB",
"id": "JVNDB-2016-008607"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8743"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "142434"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-648"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cosminexus\u00a0HTTP\u00a0Server\u00a0 and \u00a0Hitachi\u00a0Web\u00a0Server\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008607"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-648"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.