CVE-2015-0253

Vulnerability from cvelistv5

Published

2015-07-20 23:00

Modified

2024-08-06 04:03

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://httpd.apache.org/security/vulnerabilities_24.html	Vendor Advisory
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Mailing List
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html	Mailing List
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1666.html
secalert@redhat.com	http://www.apache.org/dist/httpd/CHANGES_2.4	Release Notes, Vendor Advisory
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/75964
secalert@redhat.com	http://www.securitytracker.com/id/1032967
secalert@redhat.com	https://bz.apache.org/bugzilla/show_bug.cgi?id=57531	Issue Tracking
secalert@redhat.com	https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb
secalert@redhat.com	https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3
secalert@redhat.com	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://support.apple.com/HT205219	Third Party Advisory
secalert@redhat.com	https://support.apple.com/kb/HT205031	Third Party Advisory

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:03:10.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
          },
          {
            "name": "RHSA-2015:1666",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"
          },
          {
            "name": "1032967",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032967"
          },
          {
            "name": "APPLE-SA-2015-08-13-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "name": "75964",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75964"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT205031"
          },
          {
            "name": "APPLE-SA-2015-09-16-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205219"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-06T10:10:56",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
        },
        {
          "name": "RHSA-2015:1666",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"
        },
        {
          "name": "1032967",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032967"
        },
        {
          "name": "APPLE-SA-2015-08-13-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
        },
        {
          "name": "75964",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75964"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT205031"
        },
        {
          "name": "APPLE-SA-2015-09-16-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205219"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-0253",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531",
              "refsource": "CONFIRM",
              "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531"
            },
            {
              "name": "http://httpd.apache.org/security/vulnerabilities_24.html",
              "refsource": "CONFIRM",
              "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
            },
            {
              "name": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb",
              "refsource": "CONFIRM",
              "url": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "http://www.apache.org/dist/httpd/CHANGES_2.4",
              "refsource": "CONFIRM",
              "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
            },
            {
              "name": "RHSA-2015:1666",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"
            },
            {
              "name": "1032967",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032967"
            },
            {
              "name": "APPLE-SA-2015-08-13-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
            },
            {
              "name": "75964",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75964"
            },
            {
              "name": "https://support.apple.com/kb/HT205031",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT205031"
            },
            {
              "name": "APPLE-SA-2015-09-16-4",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
            },
            {
              "name": "https://support.apple.com/HT205219",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205219"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3",
              "refsource": "CONFIRM",
              "url": "https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-0253",
    "datePublished": "2015-07-20T23:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T04:03:10.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-0253\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-07-20T23:59:00.067\",\"lastModified\":\"2023-11-07T02:23:21.217\",\"vulnStatus\":\"Modified\",\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/476.html\\\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n read_request_line en server/protocol.c del Servidor HTTP Apache en su versi\u00f3n 2.4.12 no inicializa el protocolo de estructura de miembro, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio mediante la referencia a un puntero NULO y la ca\u00edda procesos a trav\u00e9s del env\u00edo de una solicitud que carece de un m\u00e9todo para una instalaci\u00f3n que habilita el filtro INCLUDE y tiene una directiva ErrorDocument 400 especificando un URI local.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB6CBFBF-74F6-42AF-BC79-AA53EA75F00B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8B0A12E-E122-4189-A05E-4FEA43C19876\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ACDF399-AE56-4130-8686-F8E4C9014DD9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"104DA87B-DEE4-4262-AE50-8E6BC43B228B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79A602C5-61FE-47BA-9786-F045B6C6DBA8\"}]}]}],\"references\":[{\"url\":\"http://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1666.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.apache.org/dist/httpd/CHANGES_2.4\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/75964\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1032967\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bz.apache.org/bugzilla/show_bug.cgi?id=57531\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/HT205219\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

gsd-2015-0253

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2015-0253

Aliases

CVE-2015-0253

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0253",
    "description": "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.",
    "id": "GSD-2015-0253",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-0253.html",
      "https://access.redhat.com/errata/RHSA-2015:1666",
      "https://alas.aws.amazon.com/cve/html/CVE-2015-0253.html",
      "https://linux.oracle.com/cve/CVE-2015-0253.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0253"
      ],
      "details": "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.",
      "id": "GSD-2015-0253",
      "modified": "2023-12-13T01:19:57.977243Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2015-0253",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531",
            "refsource": "CONFIRM",
            "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531"
          },
          {
            "name": "http://httpd.apache.org/security/vulnerabilities_24.html",
            "refsource": "CONFIRM",
            "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "name": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb",
            "refsource": "CONFIRM",
            "url": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "http://www.apache.org/dist/httpd/CHANGES_2.4",
            "refsource": "CONFIRM",
            "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
          },
          {
            "name": "RHSA-2015:1666",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"
          },
          {
            "name": "1032967",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032967"
          },
          {
            "name": "APPLE-SA-2015-08-13-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "name": "75964",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/75964"
          },
          {
            "name": "https://support.apple.com/kb/HT205031",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT205031"
          },
          {
            "name": "APPLE-SA-2015-09-16-4",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
          },
          {
            "name": "https://support.apple.com/HT205219",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205219"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3",
            "refsource": "CONFIRM",
            "url": "https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-0253"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://httpd.apache.org/security/vulnerabilities_24.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
            },
            {
              "name": "http://www.apache.org/dist/httpd/CHANGES_2.4",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
            },
            {
              "name": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531"
            },
            {
              "name": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb"
            },
            {
              "name": "APPLE-SA-2015-08-13-2",
              "refsource": "APPLE",
              "tags": [
                "Mailing List"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
            },
            {
              "name": "https://support.apple.com/kb/HT205031",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/kb/HT205031"
            },
            {
              "name": "APPLE-SA-2015-09-16-4",
              "refsource": "APPLE",
              "tags": [
                "Mailing List"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
            },
            {
              "name": "https://support.apple.com/HT205219",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/HT205219"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
            },
            {
              "name": "75964",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/75964"
            },
            {
              "name": "1032967",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032967"
            },
            {
              "name": "RHSA-2015:1666",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-06-06T11:15Z",
      "publishedDate": "2015-07-20T23:59Z"
    }
  }
}

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apache HTTP Server is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause an affected application to crash, resulting in a denial-of-service condition. The server is fast, reliable and extensible through a simple API. The vulnerability is caused by the fact that the program does not initialize the structure members. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: httpd24-httpd security update Advisory ID: RHSA-2015:1666-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1666.html Issue date: 2015-08-24 CVE Names: CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 =====================================================================

Summary:

Updated httpd24-httpd packages that fix multiple security issues are now available for Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185)

Note: This update introduces new a new API function, ap_some_authn_required(), which correctly indicates if a request is authenticated. External httpd modules using the old API function should be modified to use the new one to completely resolve this issue.

A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. A remote attacker could send a specially crafted WebSocket Ping packet that would cause the httpd child process to crash. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error. (CVE-2015-0253)

All httpd24-httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service will be restarted automatically.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path

Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm

noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm

x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm

noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm

noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm

noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm

noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm

x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm

noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm

noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2015-0228 https://access.redhat.com/security/cve/CVE-2015-0253 https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3185 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iD8DBQFV22bPXlSAg2UNWIIRAmm2AKCI6AByn1Zlj/2R8aLKFD4hZno5VgCfcx8H y5DWl0MjeqKeAOHiddwyDdU= =yzQP -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-09-16-4 OS X Server 5.0.3

OS X Server 5.0.3 is now available and addresses the following:

apache Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in Apache, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These issues were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2013-5704 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185

BIND Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in BIND, the most severe of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7. These issues were addressed by updating BIND to version 9.9.7. CVE-ID CVE-2014-8500 CVE-2015-1349

PostgreSQL Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PostgreSQL versions prior to 9.3.9. These issues were addressed by updating PostgreSQL to version 9.3.9. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167

Wiki Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple XML security issues in Wiki Server Description: Multiple XML vulnerabilities existed in Wiki Server based on Twisted. This issue was addressed by removing Twisted. CVE-ID CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research Center

OS X Server 5.0.3 may be obtained from the Mac App Store.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.16-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issues: * CVE-2015-0253: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. * CVE-2015-3183: core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. * CVE-2015-3185: Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) with new ap_some_authn_required and ap_force_authn hook. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.16-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.16-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.16-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.16-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.16-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.16-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 14.0 package: d78c9925e69ba6ce14d67fb67245981b httpd-2.4.16-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: 1370e3c7e135bf07b65e73049099a942 httpd-2.4.16-x86_64-1_slack14.0.txz

Slackware 14.1 package: ea116c45bba8c80f59cfe0394a8f87fa httpd-2.4.16-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 8b5b1caa1fa203b07b529f77834fac16 httpd-2.4.16-x86_64-1_slack14.1.txz

Slackware -current package: 01ccb961f17bd14c1d157892af4c9f1d n/httpd-2.4.16-i586-1.txz

Slackware x86_64 -current package: 70a6644de3585007861e57cf08608843 n/httpd-2.4.16-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg httpd-2.4.16-i486-1_slack14.1.txz

Then, restart Apache httpd:

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0059",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "apache",
        "version": "2.4.12"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "macos server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5.0.3   (os x yosemite v10.10.5 or later )"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003797"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0253"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-656"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0253"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yann Ylavic",
    "sources": [
      {
        "db": "BID",
        "id": "75964"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-0253",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-0253",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-78199",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-0253",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-656",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-78199",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-0253",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78199"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0253"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003797"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0253"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-656"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apache HTTP Server is prone to a remote denial-of-service vulnerability. \nSuccessful exploits may allow an attacker to cause an affected application to crash, resulting in a denial-of-service condition. The server is fast, reliable and extensible through a simple API. The vulnerability is caused by the fact that the program does not initialize the structure members. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: httpd24-httpd security update\nAdvisory ID:       RHSA-2015:1666-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1666.html\nIssue date:        2015-08-24\nCVE Names:         CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 \n                   CVE-2015-3185 \n=====================================================================\n\n1. Summary:\n\nUpdated httpd24-httpd packages that fix multiple security issues are now\navailable for Red Hat Software Collections 2. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server. \n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nIt was discovered that in httpd 2.4, the internal API function\nap_some_auth_required() could incorrectly indicate that a request was\nauthenticated even when no authentication was used. An httpd module using\nthis API function could consequently allow access that should have been\ndenied. (CVE-2015-3185)\n\nNote: This update introduces new a new API function,\nap_some_authn_required(), which correctly indicates if a request is\nauthenticated. External httpd modules using the old API function should be\nmodified to use the new one to completely resolve this issue. \n\nA denial of service flaw was found in the way the mod_lua httpd module\nprocessed certain WebSocket Ping requests. A remote attacker could send a\nspecially crafted WebSocket Ping packet that would cause the httpd child\nprocess to crash. A remote attacker could possibly use this flaw to\ncrash the httpd child process using a request that triggers a certain HTTP\nerror. (CVE-2015-0253)\n\nAll httpd24-httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service will be restarted\nautomatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug\n1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.12-6.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nhttpd24-httpd-2.4.12-6.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.12-6.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0228\nhttps://access.redhat.com/security/cve/CVE-2015-0253\nhttps://access.redhat.com/security/cve/CVE-2015-3183\nhttps://access.redhat.com/security/cve/CVE-2015-3185\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFV22bPXlSAg2UNWIIRAmm2AKCI6AByn1Zlj/2R8aLKFD4hZno5VgCfcx8H\ny5DWl0MjeqKeAOHiddwyDdU=\n=yzQP\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-4 OS X Server 5.0.3\n\nOS X Server 5.0.3 is now available and addresses the following:\n\napache\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Multiple vulnerabilities in Apache, the most serious of\nwhich may allow a remote attacker to cause a denial of service\nDescription:  Multiple vulnerabilities existed in Apache versions\nprior to 2.4.16. These issues were addressed by updating Apache to\nversion 2.4.16. \nCVE-ID\nCVE-2013-5704\nCVE-2014-3581\nCVE-2014-3583\nCVE-2014-8109\nCVE-2015-0228\nCVE-2015-0253\nCVE-2015-3183\nCVE-2015-3185\n\nBIND\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Multiple vulnerabilities in BIND, the most severe of which\nmay allow a remote attacker to cause a denial of service\nDescription:  Multiple vulnerabilities existed in BIND versions prior\nto 9.9.7. These issues were addressed by updating BIND to version\n9.9.7. \nCVE-ID\nCVE-2014-8500\nCVE-2015-1349\n\nPostgreSQL\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Multiple vulnerabilities in PostgreSQL, the most serious of\nwhich may lead to arbitrary code execution\nDescription:  Multiple vulnerabilities existed in PostgreSQL versions\nprior to 9.3.9. These issues were addressed by updating PostgreSQL to\nversion 9.3.9. \nCVE-ID\nCVE-2014-0067\nCVE-2014-8161\nCVE-2015-0241\nCVE-2015-0242\nCVE-2015-0243\nCVE-2015-0244\nCVE-2015-3165\nCVE-2015-3166\nCVE-2015-3167\n\nWiki Server\nAvailable for:  OS X Yosemite v10.10.4 or later\nImpact:  Multiple XML security issues in Wiki Server\nDescription:  Multiple XML vulnerabilities existed in Wiki Server\nbased on Twisted. This issue was addressed by removing Twisted. \nCVE-ID\nCVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research\nCenter\n\n\nOS X Server 5.0.3 may be obtained from the Mac App Store. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/httpd-2.4.16-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes the following security issues:\n  * CVE-2015-0253:  Fix a crash with ErrorDocument 400 pointing to a local\n    URL-path with the INCLUDES filter active, introduced in 2.4.11. \n  * CVE-2015-3183: core: Fix chunk header parsing defect.  Remove\n    apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN\n    filter, parse chunks in a single pass with zero copy.  Limit accepted\n    chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. \n  * CVE-2015-3185: Replacement of ap_some_auth_required (unusable in Apache\n    httpd 2.4) with new ap_some_authn_required and ap_force_authn hook. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.16-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.16-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.16-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.16-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.16-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.16-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd78c9925e69ba6ce14d67fb67245981b  httpd-2.4.16-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n1370e3c7e135bf07b65e73049099a942  httpd-2.4.16-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nea116c45bba8c80f59cfe0394a8f87fa  httpd-2.4.16-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n8b5b1caa1fa203b07b529f77834fac16  httpd-2.4.16-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n01ccb961f17bd14c1d157892af4c9f1d  n/httpd-2.4.16-i586-1.txz\n\nSlackware x86_64 -current package:\n70a6644de3585007861e57cf08608843  n/httpd-2.4.16-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg httpd-2.4.16-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0253"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003797"
      },
      {
        "db": "BID",
        "id": "75964"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78199"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0253"
      },
      {
        "db": "PACKETSTORM",
        "id": "133281"
      },
      {
        "db": "PACKETSTORM",
        "id": "133619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132743"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0253",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "75964",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1032967",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99970459",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003797",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-656",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-78199",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0253",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133281",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133619",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132743",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78199"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0253"
      },
      {
        "db": "BID",
        "id": "75964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003797"
      },
      {
        "db": "PACKETSTORM",
        "id": "133281"
      },
      {
        "db": "PACKETSTORM",
        "id": "133619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132743"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0253"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-656"
      }
    ]
  },
  "id": "VAR-201507-0059",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78199"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:24:57.155000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Fixed in Apache httpd 2.4.16",
        "trust": 0.8,
        "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "title": "APPLE-SA-2015-09-16-4 OS X Server 5.0.3",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html"
      },
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205219",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205219"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "HT205219",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205219"
      },
      {
        "title": "Bug 57531",
        "trust": 0.8,
        "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531"
      },
      {
        "title": "Changes with Apache 2.4.13",
        "trust": 0.8,
        "url": "http://www.apache.org/dist/httpd/changes_2.4"
      },
      {
        "title": "*) SECURITY: CVE-2015-0253 (cve.mitre.org)",
        "trust": 0.8,
        "url": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
      },
      {
        "title": "TLSA-2015-17",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-17j.html"
      },
      {
        "title": "server-protocol.c",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57083"
      },
      {
        "title": "Red Hat: CVE-2015-0253",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0253"
      },
      {
        "title": "Brocade Security Advisories: BSA-2017-497",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=59455104847d943f738f9d5b0fd958f6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-579",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-579"
      },
      {
        "title": "Apple: OS X Server v5.0.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e856ca3528e3f20edc6e25428c85c101"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-0253"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-656"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003797"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0253"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/75964"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1666.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
      },
      {
        "trust": 1.8,
        "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht205219"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1032967"
      },
      {
        "trust": 1.5,
        "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "trust": 1.5,
        "url": "http://www.apache.org/dist/httpd/changes_2.4"
      },
      {
        "trust": 1.2,
        "url": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb"
      },
      {
        "trust": 1.2,
        "url": "https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0253"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99970459/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0253"
      },
      {
        "trust": 0.6,
        "url": "httpd.apache.org/security/vulnerabilities_24.html"
      },
      {
        "trust": 0.6,
        "url": "http://"
      },
      {
        "trust": 0.6,
        "url": "httpd.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb"
      },
      {
        "trust": 0.6,
        "url": "https://github.com/apache/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "httpd/changes_2.4"
      },
      {
        "trust": 0.6,
        "url": "http://www.apache.org/dist/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3ccvs."
      },
      {
        "trust": 0.3,
        "url": "http://httpd.apache.org/"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0228"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0253"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-0253"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3183"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8109"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3583"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8161"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8500"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0242"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0241"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0243"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1349"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3581"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5911"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3166"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3165"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0067"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3167"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0244"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3183"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0228"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3185"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78199"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0253"
      },
      {
        "db": "BID",
        "id": "75964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003797"
      },
      {
        "db": "PACKETSTORM",
        "id": "133281"
      },
      {
        "db": "PACKETSTORM",
        "id": "133619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132743"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0253"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-656"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-78199"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-0253"
      },
      {
        "db": "BID",
        "id": "75964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003797"
      },
      {
        "db": "PACKETSTORM",
        "id": "133281"
      },
      {
        "db": "PACKETSTORM",
        "id": "133619"
      },
      {
        "db": "PACKETSTORM",
        "id": "132743"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0253"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-656"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78199"
      },
      {
        "date": "2015-07-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0253"
      },
      {
        "date": "2015-07-15T00:00:00",
        "db": "BID",
        "id": "75964"
      },
      {
        "date": "2015-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003797"
      },
      {
        "date": "2015-08-24T22:06:47",
        "db": "PACKETSTORM",
        "id": "133281"
      },
      {
        "date": "2015-09-19T15:37:27",
        "db": "PACKETSTORM",
        "id": "133619"
      },
      {
        "date": "2015-07-20T15:45:36",
        "db": "PACKETSTORM",
        "id": "132743"
      },
      {
        "date": "2015-07-20T23:59:00.067000",
        "db": "NVD",
        "id": "CVE-2015-0253"
      },
      {
        "date": "2015-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-656"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78199"
      },
      {
        "date": "2021-06-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-0253"
      },
      {
        "date": "2016-07-05T21:28:00",
        "db": "BID",
        "id": "75964"
      },
      {
        "date": "2015-10-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003797"
      },
      {
        "date": "2023-11-07T02:23:21.217000",
        "db": "NVD",
        "id": "CVE-2015-0253"
      },
      {
        "date": "2021-08-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-656"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "133281"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-656"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache HTTP Server of  server/protocol.c Inside  read_request_line Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003797"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-656"
      }
    ],
    "trust": 0.6
  }
}

ghsa-4g3x-jprw-h46m

Vulnerability from github

Published

2022-05-13 01:09

Modified

2022-05-13 01:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0253"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-20T23:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.",
  "id": "GHSA-4g3x-jprw-h46m",
  "modified": "2022-05-13T01:09:45Z",
  "published": "2022-05-13T01:09:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0253"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT205031"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205219"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531"
    },
    {
      "type": "WEB",
      "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"
    },
    {
      "type": "WEB",
      "url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75964"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032967"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

rhsa-2015_1666

Vulnerability from csaf_redhat

Published

2015-08-24 15:56

Modified

2024-11-05 18:59

Summary

Red Hat Security Advisory: httpd24-httpd security update

Notes

Topic

Updated httpd24-httpd packages that fix multiple security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183) It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185) Note: This update introduces new a new API function, ap_some_authn_required(), which correctly indicates if a request is authenticated. External httpd modules using the old API function should be modified to use the new one to completely resolve this issue. A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. A remote attacker could send a specially crafted WebSocket Ping packet that would cause the httpd child process to crash. (CVE-2015-0228) A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error. (CVE-2015-0253) All httpd24-httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service will be restarted automatically.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated httpd24-httpd packages that fix multiple security issues are now\navailable for Red Hat Software Collections 2.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nIt was discovered that in httpd 2.4, the internal API function\nap_some_auth_required() could incorrectly indicate that a request was\nauthenticated even when no authentication was used. An httpd module using\nthis API function could consequently allow access that should have been\ndenied. (CVE-2015-3185)\n\nNote: This update introduces new a new API function,\nap_some_authn_required(), which correctly indicates if a request is\nauthenticated. External httpd modules using the old API function should be\nmodified to use the new one to completely resolve this issue.\n\nA denial of service flaw was found in the way the mod_lua httpd module\nprocessed certain WebSocket Ping requests. A remote attacker could send a\nspecially crafted WebSocket Ping packet that would cause the httpd child\nprocess to crash. (CVE-2015-0228)\n\nA NULL pointer dereference flaw was found in the way httpd generated\ncertain error responses. A remote attacker could possibly use this flaw to\ncrash the httpd child process using a request that triggers a certain HTTP\nerror. (CVE-2015-0253)\n\nAll httpd24-httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service will be restarted\nautomatically.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:1666",
        "url": "https://access.redhat.com/errata/RHSA-2015:1666"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1202988",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202988"
      },
      {
        "category": "external",
        "summary": "1243887",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243887"
      },
      {
        "category": "external",
        "summary": "1243888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243888"
      },
      {
        "category": "external",
        "summary": "1243891",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243891"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1666.json"
      }
    ],
    "title": "Red Hat Security Advisory: httpd24-httpd security update",
    "tracking": {
      "current_release_date": "2024-11-05T18:59:59+00:00",
      "generator": {
        "date": "2024-11-05T18:59:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2015:1666",
      "initial_release_date": "2015-08-24T15:56:41+00:00",
      "revision_history": [
        {
          "date": "2015-08-24T15:56:41+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2015-08-24T15:56:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T18:59:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
                  "product_id": "7Server-RHSCL-2.0-7.1.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-RHSCL-2.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-RHSCL-2.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
                  "product_id": "6Server-RHSCL-2.0-6.6.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
                  "product_id": "6Server-RHSCL-2.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
                  "product_id": "6Workstation-RHSCL-2.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5)",
                "product": {
                  "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5)",
                  "product_id": "6Server-RHSCL-2.0-6.5.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Software Collections"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
                "product": {
                  "name": "httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
                  "product_id": "httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.12-6.el7.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
                "product": {
                  "name": "httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
                  "product_id": "httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.12-6.el7.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
                "product": {
                  "name": "httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
                  "product_id": "httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.12-6.el7.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
                "product": {
                  "name": "httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
                  "product_id": "httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.12-6.el7.1?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
                "product": {
                  "name": "httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
                  "product_id": "httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.12-6.el7.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
                "product": {
                  "name": "httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
                  "product_id": "httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.12-6.el7.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
                "product": {
                  "name": "httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
                  "product_id": "httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.12-6.el7.1?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
                "product": {
                  "name": "httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
                  "product_id": "httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.12-6.el7.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
                "product": {
                  "name": "httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
                  "product_id": "httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.12-4.el6.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
                "product": {
                  "name": "httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
                  "product_id": "httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.12-4.el6.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
                "product": {
                  "name": "httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
                  "product_id": "httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.12-4.el6.2?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
                "product": {
                  "name": "httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
                  "product_id": "httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.12-4.el6.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
                "product": {
                  "name": "httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
                  "product_id": "httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.12-4.el6.2?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
                "product": {
                  "name": "httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
                  "product_id": "httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.12-4.el6.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
                "product": {
                  "name": "httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
                  "product_id": "httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.12-4.el6.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
                "product": {
                  "name": "httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
                  "product_id": "httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.12-4.el6.2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd24-httpd-0:2.4.12-6.el7.1.src",
                "product": {
                  "name": "httpd24-httpd-0:2.4.12-6.el7.1.src",
                  "product_id": "httpd24-httpd-0:2.4.12-6.el7.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.12-6.el7.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-httpd-0:2.4.12-4.el6.2.src",
                "product": {
                  "name": "httpd24-httpd-0:2.4.12-4.el6.2.src",
                  "product_id": "httpd24-httpd-0:2.4.12-4.el6.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.12-4.el6.2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
                "product": {
                  "name": "httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
                  "product_id": "httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-httpd-manual@2.4.12-6.el7.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
                "product": {
                  "name": "httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
                  "product_id": "httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd24-httpd-manual@2.4.12-4.el6.2?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-4.el6.2.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-4.el6.2.src",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.5.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.5.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.5.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.5.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch"
        },
        "product_reference": "httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.5.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.5.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.5.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.5.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_session-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.5.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5)",
          "product_id": "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.5.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-4.el6.2.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-4.el6.2.src",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch"
        },
        "product_reference": "httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_session-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
          "product_id": "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0-6.6.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-4.el6.2.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-4.el6.2.src",
        "relates_to_product_reference": "6Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch"
        },
        "product_reference": "httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
        "relates_to_product_reference": "6Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_session-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
          "product_id": "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-4.el6.2.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-4.el6.2.src",
        "relates_to_product_reference": "6Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch"
        },
        "product_reference": "httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
        "relates_to_product_reference": "6Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_session-0:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
          "product_id": "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64"
        },
        "product_reference": "httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
        "relates_to_product_reference": "6Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-6.el7.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-6.el7.1.src",
        "relates_to_product_reference": "7Server-RHSCL-2.0-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch"
        },
        "product_reference": "httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.0-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_session-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
          "product_id": "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0-7.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-6.el7.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-6.el7.1.src",
        "relates_to_product_reference": "7Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch"
        },
        "product_reference": "httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
        "relates_to_product_reference": "7Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_session-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Server-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-6.el7.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-6.el7.1.src",
        "relates_to_product_reference": "7Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch"
        },
        "product_reference": "httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
        "relates_to_product_reference": "7Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_session-0:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
        },
        "product_reference": "httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
        "relates_to_product_reference": "7Workstation-RHSCL-2.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-0228",
      "discovery_date": "2015-02-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1202988"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. A remote attacker could send a specially crafted WebSocket Ping packet that would cause the httpd child process to crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: Possible mod_lua crash due to websocket bug",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the version of httpd package as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
          "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
          "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
          "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
          "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0228"
        },
        {
          "category": "external",
          "summary": "RHBZ#1202988",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202988"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0228",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0228"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0228",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0228"
        },
        {
          "category": "external",
          "summary": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16",
          "url": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16"
        }
      ],
      "release_date": "2015-03-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-08-24T15:56:41+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1666"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: Possible mod_lua crash due to websocket bug"
    },
    {
      "cve": "CVE-2015-0253",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2015-07-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1243891"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4, 5, 6, and 7; JBoss Enterprise Web Server 1 and 2; JBoss Web Server 3; and JBoss Enterprise Application Platform 6.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
          "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
          "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
          "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
          "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0253"
        },
        {
          "category": "external",
          "summary": "RHBZ#1243891",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243891"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0253",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0253"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0253",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0253"
        },
        {
          "category": "external",
          "summary": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16",
          "url": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16"
        }
      ],
      "release_date": "2015-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-08-24T15:56:41+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1666"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path"
    },
    {
      "cve": "CVE-2015-3183",
      "cwe": {
        "id": "CWE-172",
        "name": "Encoding Error"
      },
      "discovery_date": "2015-07-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1243887"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: HTTP request smuggling attack against chunked request parser",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
          "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
          "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
          "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
          "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-3183"
        },
        {
          "category": "external",
          "summary": "RHBZ#1243887",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243887"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-3183"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3183",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3183"
        }
      ],
      "release_date": "2015-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-08-24T15:56:41+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1666"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: HTTP request smuggling attack against chunked request parser"
    },
    {
      "cve": "CVE-2015-3185",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "discovery_date": "2015-07-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1243888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
          "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
          "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
          "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
          "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
          "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
          "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
          "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
          "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
          "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-3185"
        },
        {
          "category": "external",
          "summary": "RHBZ#1243888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3185",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-3185"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3185",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3185"
        },
        {
          "category": "external",
          "summary": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16",
          "url": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16"
        }
      ],
      "release_date": "2015-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-08-24T15:56:41+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1666"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.5.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0-6.6.Z:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.src",
            "6Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-4.el6.2.noarch",
            "6Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-4.el6.2.x86_64",
            "6Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-4.el6.2.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0-7.1.Z:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Server-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Server-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Server-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.src",
            "7Workstation-RHSCL-2.0:httpd24-httpd-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-debuginfo-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-devel-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-httpd-manual-0:2.4.12-6.el7.1.noarch",
            "7Workstation-RHSCL-2.0:httpd24-httpd-tools-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ldap-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_proxy_html-1:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_session-0:2.4.12-6.el7.1.x86_64",
            "7Workstation-RHSCL-2.0:httpd24-mod_ssl-1:2.4.12-6.el7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4"
    }
  ]
}

Action not permitted

CVE-2015-0253

Vulnerability from cvelistv5

gsd-2015-0253

Vulnerability from gsd

var-201507-0059

Vulnerability from variot

upgradepkg httpd-2.4.16-i486-1_slack14.1.txz

/etc/rc.d/rc.httpd stop

/etc/rc.d/rc.httpd start

ghsa-4g3x-jprw-h46m

Vulnerability from github

rhsa-2015_1666

Vulnerability from csaf_redhat

Tags