Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-11763 (GCVE-0-2018-11763)
Vulnerability from cvelistv5 – Published: 2018-09-25 21:00 – Updated: 2024-09-17 02:21
VLAI
EPSS
Summary
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
Severity
5.9 (Medium)
CWE
- mod_http2, DoS via continuous SETTINGS frames
Assigner
References
26 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.17 to 2.4.34
|
Date Public
2018-09-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "RHSA-2018:3558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "105414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0004/"
},
{
"name": "RHSA-2019:0367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "USN-3783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3783-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "1041713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041713"
},
{
"name": "RHSA-2019:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "openSUSE-SU-2019:1547",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
},
{
"name": "openSUSE-SU-2019:1814",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.4.17 to 2.4.34"
}
]
}
],
"datePublic": "2018-09-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "mod_http2, DoS via continuous SETTINGS frames",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:11:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "RHSA-2018:3558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "105414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0004/"
},
{
"name": "RHSA-2019:0367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "USN-3783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3783-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "1041713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041713"
},
{
"name": "RHSA-2019:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "openSUSE-SU-2019:1547",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
},
{
"name": "openSUSE-SU-2019:1814",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-09-25T00:00:00",
"ID": "CVE-2018-11763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.17 to 2.4.34"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "mod_http2, DoS via continuous SETTINGS frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "105414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105414"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190204-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0004/"
},
{
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "USN-3783-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3783-1/"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "1041713",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041713"
},
{
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "openSUSE-SU-2019:1547",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
},
{
"name": "openSUSE-SU-2019:1814",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2019-09",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-11763",
"datePublished": "2018-09-25T21:00:00.000Z",
"dateReserved": "2018-06-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:21:55.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-11763",
"date": "2026-06-05",
"epss": "0.22356",
"percentile": "0.95932"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.4.17\", \"versionEndIncluding\": \"2.4.34\", \"matchCriteriaId\": \"5B01C8E1-1FD7-4114-823E-7220B705A031\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041F9200-4C01-4187-AE34-240E8277B54D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EB48767-F095-444F-9E05-D9AC345AB803\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F6FA12B-504C-4DBF-A32E-0548557AA2ED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A3DC116-2844-47A1-BEC2-D0675DD97148\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F69B9A5-F21B-4904-9F27-95C0F7A628E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F87FC90-16D0-4051-8280-B0DD4441F10B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5265C91-FF5C-4451-A7C2-D388A65ACFA2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B7A6697-98CC-4E36-93DB-B7160F8399F9\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.\"}, {\"lang\": \"es\", \"value\": \"En Apache HTTP Server, de la versi\\u00f3n 2.4.17 a la 2.4.34, mediante el env\\u00edo continuo de tramas SETTINGS grandes, un cliente puede ocupar una conexi\\u00f3n, hilo del servidor y tiempo de CPU sin que se active ning\\u00fan agotamiento del tiempo de conexi\\u00f3n. Esto solo afecta a las conexiones HTTP/2. Una posible mitigaci\\u00f3n es no activar el protocolo h2.\"}]",
"id": "CVE-2018-11763",
"lastModified": "2024-11-21T03:43:58.790",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-09-25T21:29:00.283",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html\", \"source\": \"security@apache.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.securityfocus.com/bid/105414\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041713\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3558\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0366\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0367\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"source\": \"security@apache.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190204-0004/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3783-1/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"security@apache.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2019-09\", \"source\": \"security@apache.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/105414\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041713\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3558\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0366\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0367\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190204-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3783-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2019-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-11763\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-09-25T21:29:00.283\",\"lastModified\":\"2024-11-21T03:43:58.790\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.\"},{\"lang\":\"es\",\"value\":\"En Apache HTTP Server, de la versi\u00f3n 2.4.17 a la 2.4.34, mediante el env\u00edo continuo de tramas SETTINGS grandes, un cliente puede ocupar una conexi\u00f3n, hilo del servidor y tiempo de CPU sin que se active ning\u00fan agotamiento del tiempo de conexi\u00f3n. Esto solo afecta a las conexiones HTTP/2. Una posible mitigaci\u00f3n es no activar el protocolo h2.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.17\",\"versionEndIncluding\":\"2.4.34\",\"matchCriteriaId\":\"5B01C8E1-1FD7-4114-823E-7220B705A031\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041F9200-4C01-4187-AE34-240E8277B54D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB48767-F095-444F-9E05-D9AC345AB803\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F6FA12B-504C-4DBF-A32E-0548557AA2ED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A3DC116-2844-47A1-BEC2-D0675DD97148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F69B9A5-F21B-4904-9F27-95C0F7A628E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87FC90-16D0-4051-8280-B0DD4441F10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5265C91-FF5C-4451-A7C2-D388A65ACFA2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B7A6697-98CC-4E36-93DB-B7160F8399F9\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.securityfocus.com/bid/105414\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041713\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0366\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190204-0004/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3783-1/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-09\",\"source\":\"security@apache.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/105414\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041713\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190204-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3783-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SUSE-SU-2018:3101-1
Vulnerability from csaf_suse - Published: 2018-10-11 15:10 - Updated: 2018-10-11 15:10Summary
Security update for apache2
Severity
Important
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
Security issues fixed:
- CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)
Bug fixes:
- consider also patterns in APACHE_CONF_INCLUDE_DIRS as documentation
says (patch Juergen Gleiss)
Patchnames: SUSE-SLE-Module-Server-Applications-15-2018-2201
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)\n\nBug fixes:\n\n- consider also patterns in APACHE_CONF_INCLUDE_DIRS as documentation\n says (patch Juergen Gleiss)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Server-Applications-15-2018-2201",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3101-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3101-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183101-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3101-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004664.html"
},
{
"category": "self",
"summary": "SUSE Bug 1109961",
"url": "https://bugzilla.suse.com/1109961"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11763 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11763/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2018-10-11T15:10:13Z",
"generator": {
"date": "2018-10-11T15:10:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3101-1",
"initial_release_date": "2018-10-11T15:10:13Z",
"revision_history": [
{
"date": "2018-10-11T15:10:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.33-3.6.1.aarch64",
"product": {
"name": "apache2-2.4.33-3.6.1.aarch64",
"product_id": "apache2-2.4.33-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.33-3.6.1.aarch64",
"product": {
"name": "apache2-devel-2.4.33-3.6.1.aarch64",
"product_id": "apache2-devel-2.4.33-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.33-3.6.1.aarch64",
"product": {
"name": "apache2-prefork-2.4.33-3.6.1.aarch64",
"product_id": "apache2-prefork-2.4.33-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.33-3.6.1.aarch64",
"product": {
"name": "apache2-utils-2.4.33-3.6.1.aarch64",
"product_id": "apache2-utils-2.4.33-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.33-3.6.1.aarch64",
"product": {
"name": "apache2-worker-2.4.33-3.6.1.aarch64",
"product_id": "apache2-worker-2.4.33-3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.33-3.6.1.noarch",
"product": {
"name": "apache2-doc-2.4.33-3.6.1.noarch",
"product_id": "apache2-doc-2.4.33-3.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.33-3.6.1.ppc64le",
"product": {
"name": "apache2-2.4.33-3.6.1.ppc64le",
"product_id": "apache2-2.4.33-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.33-3.6.1.ppc64le",
"product": {
"name": "apache2-devel-2.4.33-3.6.1.ppc64le",
"product_id": "apache2-devel-2.4.33-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.33-3.6.1.ppc64le",
"product": {
"name": "apache2-prefork-2.4.33-3.6.1.ppc64le",
"product_id": "apache2-prefork-2.4.33-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.33-3.6.1.ppc64le",
"product": {
"name": "apache2-utils-2.4.33-3.6.1.ppc64le",
"product_id": "apache2-utils-2.4.33-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.33-3.6.1.ppc64le",
"product": {
"name": "apache2-worker-2.4.33-3.6.1.ppc64le",
"product_id": "apache2-worker-2.4.33-3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.33-3.6.1.s390x",
"product": {
"name": "apache2-2.4.33-3.6.1.s390x",
"product_id": "apache2-2.4.33-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.33-3.6.1.s390x",
"product": {
"name": "apache2-devel-2.4.33-3.6.1.s390x",
"product_id": "apache2-devel-2.4.33-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.33-3.6.1.s390x",
"product": {
"name": "apache2-prefork-2.4.33-3.6.1.s390x",
"product_id": "apache2-prefork-2.4.33-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.33-3.6.1.s390x",
"product": {
"name": "apache2-utils-2.4.33-3.6.1.s390x",
"product_id": "apache2-utils-2.4.33-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.33-3.6.1.s390x",
"product": {
"name": "apache2-worker-2.4.33-3.6.1.s390x",
"product_id": "apache2-worker-2.4.33-3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.33-3.6.1.x86_64",
"product": {
"name": "apache2-2.4.33-3.6.1.x86_64",
"product_id": "apache2-2.4.33-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.33-3.6.1.x86_64",
"product": {
"name": "apache2-devel-2.4.33-3.6.1.x86_64",
"product_id": "apache2-devel-2.4.33-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.33-3.6.1.x86_64",
"product": {
"name": "apache2-prefork-2.4.33-3.6.1.x86_64",
"product_id": "apache2-prefork-2.4.33-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.33-3.6.1.x86_64",
"product": {
"name": "apache2-utils-2.4.33-3.6.1.x86_64",
"product_id": "apache2-utils-2.4.33-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.33-3.6.1.x86_64",
"product": {
"name": "apache2-worker-2.4.33-3.6.1.x86_64",
"product_id": "apache2-worker-2.4.33-3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.33-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.aarch64"
},
"product_reference": "apache2-2.4.33-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.33-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.ppc64le"
},
"product_reference": "apache2-2.4.33-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.33-3.6.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.s390x"
},
"product_reference": "apache2-2.4.33-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.33-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.x86_64"
},
"product_reference": "apache2-2.4.33-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.33-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.aarch64"
},
"product_reference": "apache2-devel-2.4.33-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.33-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.ppc64le"
},
"product_reference": "apache2-devel-2.4.33-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.33-3.6.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.s390x"
},
"product_reference": "apache2-devel-2.4.33-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.33-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.x86_64"
},
"product_reference": "apache2-devel-2.4.33-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.33-3.6.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.6.1.noarch"
},
"product_reference": "apache2-doc-2.4.33-3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.33-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.aarch64"
},
"product_reference": "apache2-prefork-2.4.33-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.33-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.ppc64le"
},
"product_reference": "apache2-prefork-2.4.33-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.33-3.6.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.s390x"
},
"product_reference": "apache2-prefork-2.4.33-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.33-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.x86_64"
},
"product_reference": "apache2-prefork-2.4.33-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.33-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.aarch64"
},
"product_reference": "apache2-utils-2.4.33-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.33-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.ppc64le"
},
"product_reference": "apache2-utils-2.4.33-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.33-3.6.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.s390x"
},
"product_reference": "apache2-utils-2.4.33-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.33-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.x86_64"
},
"product_reference": "apache2-utils-2.4.33-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.33-3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.aarch64"
},
"product_reference": "apache2-worker-2.4.33-3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.33-3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.ppc64le"
},
"product_reference": "apache2-worker-2.4.33-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.33-3.6.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.s390x"
},
"product_reference": "apache2-worker-2.4.33-3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.33-3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.x86_64"
},
"product_reference": "apache2-worker-2.4.33-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11763"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.6.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11763",
"url": "https://www.suse.com/security/cve/CVE-2018-11763"
},
{
"category": "external",
"summary": "SUSE Bug 1109961 for CVE-2018-11763",
"url": "https://bugzilla.suse.com/1109961"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-11763",
"url": "https://bugzilla.suse.com/1122212"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.6.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-2.4.33-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-devel-2.4.33-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-doc-2.4.33-3.6.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-prefork-2.4.33-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-utils-2.4.33-3.6.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:apache2-worker-2.4.33-3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-11T15:10:13Z",
"details": "important"
}
],
"title": "CVE-2018-11763"
}
]
}
SUSE-SU-2018:3582-1
Vulnerability from csaf_suse - Published: 2018-10-30 16:21 - Updated: 2018-10-30 16:21Summary
Security update for apache2
Severity
Important
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
Security issues fixed:
- CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)
Patchnames: SUSE-OpenStack-Cloud-7-2018-2541,SUSE-SLE-SAP-12-SP2-2018-2541,SUSE-SLE-SDK-12-SP3-2018-2541,SUSE-SLE-SERVER-12-SP2-2018-2541,SUSE-SLE-SERVER-12-SP2-BCL-2018-2541,SUSE-SLE-SERVER-12-SP3-2018-2541,SUSE-Storage-4-2018-2541
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
96 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:apache2-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:apache2-doc-2.4.23-29.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:apache2-example-pages-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:apache2-prefork-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:apache2-utils-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:apache2-worker-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-7-2018-2541,SUSE-SLE-SAP-12-SP2-2018-2541,SUSE-SLE-SDK-12-SP3-2018-2541,SUSE-SLE-SERVER-12-SP2-2018-2541,SUSE-SLE-SERVER-12-SP2-BCL-2018-2541,SUSE-SLE-SERVER-12-SP3-2018-2541,SUSE-Storage-4-2018-2541",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3582-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3582-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183582-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3582-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004815.html"
},
{
"category": "self",
"summary": "SUSE Bug 1109961",
"url": "https://bugzilla.suse.com/1109961"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11763 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11763/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2018-10-30T16:21:13Z",
"generator": {
"date": "2018-10-30T16:21:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3582-1",
"initial_release_date": "2018-10-30T16:21:13Z",
"revision_history": [
{
"date": "2018-10-30T16:21:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.27.2.aarch64",
"product": {
"name": "apache2-devel-2.4.23-29.27.2.aarch64",
"product_id": "apache2-devel-2.4.23-29.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-29.27.2.aarch64",
"product": {
"name": "apache2-2.4.23-29.27.2.aarch64",
"product_id": "apache2-2.4.23-29.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.27.2.aarch64",
"product": {
"name": "apache2-example-pages-2.4.23-29.27.2.aarch64",
"product_id": "apache2-example-pages-2.4.23-29.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.27.2.aarch64",
"product": {
"name": "apache2-prefork-2.4.23-29.27.2.aarch64",
"product_id": "apache2-prefork-2.4.23-29.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.27.2.aarch64",
"product": {
"name": "apache2-utils-2.4.23-29.27.2.aarch64",
"product_id": "apache2-utils-2.4.23-29.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.27.2.aarch64",
"product": {
"name": "apache2-worker-2.4.23-29.27.2.aarch64",
"product_id": "apache2-worker-2.4.23-29.27.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.23-29.27.2.noarch",
"product": {
"name": "apache2-doc-2.4.23-29.27.2.noarch",
"product_id": "apache2-doc-2.4.23-29.27.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.23-29.27.2.ppc64le",
"product": {
"name": "apache2-2.4.23-29.27.2.ppc64le",
"product_id": "apache2-2.4.23-29.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.27.2.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.23-29.27.2.ppc64le",
"product_id": "apache2-example-pages-2.4.23-29.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.27.2.ppc64le",
"product": {
"name": "apache2-prefork-2.4.23-29.27.2.ppc64le",
"product_id": "apache2-prefork-2.4.23-29.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.27.2.ppc64le",
"product": {
"name": "apache2-utils-2.4.23-29.27.2.ppc64le",
"product_id": "apache2-utils-2.4.23-29.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.27.2.ppc64le",
"product": {
"name": "apache2-worker-2.4.23-29.27.2.ppc64le",
"product_id": "apache2-worker-2.4.23-29.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.27.2.ppc64le",
"product": {
"name": "apache2-devel-2.4.23-29.27.2.ppc64le",
"product_id": "apache2-devel-2.4.23-29.27.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.23-29.27.2.s390x",
"product": {
"name": "apache2-2.4.23-29.27.2.s390x",
"product_id": "apache2-2.4.23-29.27.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.27.2.s390x",
"product": {
"name": "apache2-example-pages-2.4.23-29.27.2.s390x",
"product_id": "apache2-example-pages-2.4.23-29.27.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.27.2.s390x",
"product": {
"name": "apache2-prefork-2.4.23-29.27.2.s390x",
"product_id": "apache2-prefork-2.4.23-29.27.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.27.2.s390x",
"product": {
"name": "apache2-utils-2.4.23-29.27.2.s390x",
"product_id": "apache2-utils-2.4.23-29.27.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.27.2.s390x",
"product": {
"name": "apache2-worker-2.4.23-29.27.2.s390x",
"product_id": "apache2-worker-2.4.23-29.27.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.27.2.s390x",
"product": {
"name": "apache2-devel-2.4.23-29.27.2.s390x",
"product_id": "apache2-devel-2.4.23-29.27.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.23-29.27.2.x86_64",
"product": {
"name": "apache2-2.4.23-29.27.2.x86_64",
"product_id": "apache2-2.4.23-29.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"product": {
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"product_id": "apache2-example-pages-2.4.23-29.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.27.2.x86_64",
"product": {
"name": "apache2-prefork-2.4.23-29.27.2.x86_64",
"product_id": "apache2-prefork-2.4.23-29.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.27.2.x86_64",
"product": {
"name": "apache2-utils-2.4.23-29.27.2.x86_64",
"product_id": "apache2-utils-2.4.23-29.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.27.2.x86_64",
"product": {
"name": "apache2-worker-2.4.23-29.27.2.x86_64",
"product_id": "apache2-worker-2.4.23-29.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.27.2.x86_64",
"product": {
"name": "apache2-devel-2.4.23-29.27.2.x86_64",
"product_id": "apache2-devel-2.4.23-29.27.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.27.2.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.27.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.27.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.27.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.27.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.27.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-devel-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-devel-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-devel-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-devel-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.27.2.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.27.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.27.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.27.2.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.27.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.27.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.27.2.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.27.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.27.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.27.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.27.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.27.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:apache2-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.27.2.noarch as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:apache2-doc-2.4.23-29.27.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.27.2.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:apache2-example-pages-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:apache2-prefork-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:apache2-utils-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:apache2-worker-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11763"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:apache2-2.4.23-29.27.2.x86_64",
"SUSE Enterprise Storage 4:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Enterprise Storage 4:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Enterprise Storage 4:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Enterprise Storage 4:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Enterprise Storage 4:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11763",
"url": "https://www.suse.com/security/cve/CVE-2018-11763"
},
{
"category": "external",
"summary": "SUSE Bug 1109961 for CVE-2018-11763",
"url": "https://bugzilla.suse.com/1109961"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-11763",
"url": "https://bugzilla.suse.com/1122212"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:apache2-2.4.23-29.27.2.x86_64",
"SUSE Enterprise Storage 4:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Enterprise Storage 4:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Enterprise Storage 4:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Enterprise Storage 4:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Enterprise Storage 4:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:apache2-2.4.23-29.27.2.x86_64",
"SUSE Enterprise Storage 4:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Enterprise Storage 4:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Enterprise Storage 4:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Enterprise Storage 4:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Enterprise Storage 4:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-30T16:21:13Z",
"details": "important"
}
],
"title": "CVE-2018-11763"
}
]
}
SUSE-SU-2018:3582-2
Vulnerability from csaf_suse - Published: 2018-12-05 09:31 - Updated: 2018-12-05 09:31Summary
Security update for apache2
Severity
Important
Notes
Title of the patch: Security update for apache2
Description of the patch: This update for apache2 fixes the following issues:
Security issues fixed:
- CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)
Patchnames: SUSE-SLE-SDK-12-SP4-2018-2541,SUSE-SLE-SERVER-12-SP4-2018-2541
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-doc-2.4.23-29.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-doc-2.4.23-29.27.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SDK-12-SP4-2018-2541,SUSE-SLE-SERVER-12-SP4-2018-2541",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3582-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3582-2",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183582-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3582-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004917.html"
},
{
"category": "self",
"summary": "SUSE Bug 1109961",
"url": "https://bugzilla.suse.com/1109961"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11763 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11763/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2018-12-05T09:31:17Z",
"generator": {
"date": "2018-12-05T09:31:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3582-2",
"initial_release_date": "2018-12-05T09:31:17Z",
"revision_history": [
{
"date": "2018-12-05T09:31:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.27.2.aarch64",
"product": {
"name": "apache2-devel-2.4.23-29.27.2.aarch64",
"product_id": "apache2-devel-2.4.23-29.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-29.27.2.aarch64",
"product": {
"name": "apache2-2.4.23-29.27.2.aarch64",
"product_id": "apache2-2.4.23-29.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.27.2.aarch64",
"product": {
"name": "apache2-example-pages-2.4.23-29.27.2.aarch64",
"product_id": "apache2-example-pages-2.4.23-29.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.27.2.aarch64",
"product": {
"name": "apache2-prefork-2.4.23-29.27.2.aarch64",
"product_id": "apache2-prefork-2.4.23-29.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.27.2.aarch64",
"product": {
"name": "apache2-utils-2.4.23-29.27.2.aarch64",
"product_id": "apache2-utils-2.4.23-29.27.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.27.2.aarch64",
"product": {
"name": "apache2-worker-2.4.23-29.27.2.aarch64",
"product_id": "apache2-worker-2.4.23-29.27.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.23-29.27.2.noarch",
"product": {
"name": "apache2-doc-2.4.23-29.27.2.noarch",
"product_id": "apache2-doc-2.4.23-29.27.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.27.2.ppc64le",
"product": {
"name": "apache2-devel-2.4.23-29.27.2.ppc64le",
"product_id": "apache2-devel-2.4.23-29.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-29.27.2.ppc64le",
"product": {
"name": "apache2-2.4.23-29.27.2.ppc64le",
"product_id": "apache2-2.4.23-29.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.27.2.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.23-29.27.2.ppc64le",
"product_id": "apache2-example-pages-2.4.23-29.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.27.2.ppc64le",
"product": {
"name": "apache2-prefork-2.4.23-29.27.2.ppc64le",
"product_id": "apache2-prefork-2.4.23-29.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.27.2.ppc64le",
"product": {
"name": "apache2-utils-2.4.23-29.27.2.ppc64le",
"product_id": "apache2-utils-2.4.23-29.27.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.27.2.ppc64le",
"product": {
"name": "apache2-worker-2.4.23-29.27.2.ppc64le",
"product_id": "apache2-worker-2.4.23-29.27.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.27.2.s390x",
"product": {
"name": "apache2-devel-2.4.23-29.27.2.s390x",
"product_id": "apache2-devel-2.4.23-29.27.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-29.27.2.s390x",
"product": {
"name": "apache2-2.4.23-29.27.2.s390x",
"product_id": "apache2-2.4.23-29.27.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.27.2.s390x",
"product": {
"name": "apache2-example-pages-2.4.23-29.27.2.s390x",
"product_id": "apache2-example-pages-2.4.23-29.27.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.27.2.s390x",
"product": {
"name": "apache2-prefork-2.4.23-29.27.2.s390x",
"product_id": "apache2-prefork-2.4.23-29.27.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.27.2.s390x",
"product": {
"name": "apache2-utils-2.4.23-29.27.2.s390x",
"product_id": "apache2-utils-2.4.23-29.27.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.27.2.s390x",
"product": {
"name": "apache2-worker-2.4.23-29.27.2.s390x",
"product_id": "apache2-worker-2.4.23-29.27.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.27.2.x86_64",
"product": {
"name": "apache2-devel-2.4.23-29.27.2.x86_64",
"product_id": "apache2-devel-2.4.23-29.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-29.27.2.x86_64",
"product": {
"name": "apache2-2.4.23-29.27.2.x86_64",
"product_id": "apache2-2.4.23-29.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"product": {
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"product_id": "apache2-example-pages-2.4.23-29.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.27.2.x86_64",
"product": {
"name": "apache2-prefork-2.4.23-29.27.2.x86_64",
"product_id": "apache2-prefork-2.4.23-29.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.27.2.x86_64",
"product": {
"name": "apache2-utils-2.4.23-29.27.2.x86_64",
"product_id": "apache2-utils-2.4.23-29.27.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.27.2.x86_64",
"product": {
"name": "apache2-worker-2.4.23-29.27.2.x86_64",
"product_id": "apache2-worker-2.4.23-29.27.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-devel-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-devel-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-devel-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-devel-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.27.2.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-doc-2.4.23-29.27.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.27.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.27.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-doc-2.4.23-29.27.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.27.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.27.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.27.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11763"
}
],
"notes": [
{
"category": "general",
"text": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11763",
"url": "https://www.suse.com/security/cve/CVE-2018-11763"
},
{
"category": "external",
"summary": "SUSE Bug 1109961 for CVE-2018-11763",
"url": "https://bugzilla.suse.com/1109961"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-11763",
"url": "https://bugzilla.suse.com/1122212"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-doc-2.4.23-29.27.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-example-pages-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-prefork-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-utils-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-worker-2.4.23-29.27.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-devel-2.4.23-29.27.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-05T09:31:17Z",
"details": "important"
}
],
"title": "CVE-2018-11763"
}
]
}
WID-SEC-W-2024-1682
Vulnerability from csaf_certbund - Published: 2019-04-16 22:00 - Updated: 2024-07-21 22:00Summary
Oracle Retail Applications: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Retail Allocation ist ein Verwaltungswerkzeug.
Oracle MICROS bietet eine Reihe von Software, Hardware und Dienstleistungen zusammen mit schnell wachsenden Cloud Lösungen für Abrechnung und Verwaltung in Unternehmen des Hotel- und Gaststättengewerbes, Reiseveranstalter und Veranstaltern von Kreuzfahrten sowie in Unternehmen der Freizeit- und Unterhaltungsbranche.
Oracle Invoice Matching ist ein Tool zum Verwalten von Lieferantenrechnungen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um dadurch die Integrität, Vertraulichkeit und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Invoice Matching 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail MICROS 11.4
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:11.4
|
11.4 | |
|
Oracle Retail MICROS 12.1.2
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:12.1.2
|
12.1.2 | |
|
Oracle Retail MICROS 2.9.5.6
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.6
|
2.9.5.6 | |
|
Oracle Retail MICROS 2.9.5.7
Oracle / Retail MICROS
|
cpe:/a:oracle:micros:2.9.5.7
|
2.9.5.7 | |
|
Oracle Retail Invoice Matching 15.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:15.0
|
15 | |
|
Oracle Retail Allocation 15.0.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:15.0.2
|
15.0.2 | |
|
Oracle Retail Invoice Matching 14.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.1
|
14.1 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
Oracle Retail Xstore Point of Service 7.1
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.1
|
7.1 | |
|
Oracle Retail Workforce Management 1.60.9.0.0
Oracle / Retail Workforce Management
|
cpe:/a:oracle:retail_workforce_management:1.60.9.0.0
|
1.60.9.0.0 | |
|
Oracle Retail Xstore Point of Service 7.0
Oracle / Retail Xstore Point of Service
|
cpe:/a:oracle:retail_point-of-service:7.0
|
7 | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Retail Allocation ist ein Verwaltungswerkzeug.\r\nOracle MICROS bietet eine Reihe von Software, Hardware und Dienstleistungen zusammen mit schnell wachsenden Cloud L\u00f6sungen f\u00fcr Abrechnung und Verwaltung in Unternehmen des Hotel- und Gastst\u00e4ttengewerbes, Reiseveranstalter und Veranstaltern von Kreuzfahrten sowie in Unternehmen der Freizeit- und Unterhaltungsbranche.\r\nOracle Invoice Matching ist ein Tool zum Verwalten von Lieferantenrechnungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1682 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2024-1682.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1682 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1682"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2019 vom 2019-04-16",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixRAPP"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20240719-0002 vom 2024-07-19",
"url": "https://security.netapp.com/advisory/ntap-20240719-0002/"
}
],
"source_lang": "en-US",
"title": "Oracle Retail Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-07-21T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:11:37.885+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1682",
"initial_release_date": "2019-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2019-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-07-21T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von NetApp aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T034125",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "15.0.2",
"product": {
"name": "Oracle Retail Allocation 15.0.2",
"product_id": "T014004",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_allocation:15.0.2"
}
}
}
],
"category": "product_name",
"name": "Retail Allocation"
},
{
"branches": [
{
"category": "product_version",
"name": "12",
"product": {
"name": "Oracle Retail Invoice Matching 12.0",
"product_id": "T001982",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:12.0"
}
}
},
{
"category": "product_version",
"name": "13",
"product": {
"name": "Oracle Retail Invoice Matching 13.0",
"product_id": "T001985",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:13.0"
}
}
},
{
"category": "product_version",
"name": "13.2",
"product": {
"name": "Oracle Retail Invoice Matching 13.2",
"product_id": "T001987",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:13.2"
}
}
},
{
"category": "product_version",
"name": "14",
"product": {
"name": "Oracle Retail Invoice Matching 14.0",
"product_id": "T004005",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:14.0"
}
}
},
{
"category": "product_version",
"name": "13.1",
"product": {
"name": "Oracle Retail Invoice Matching 13.1",
"product_id": "T004011",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:13.1"
}
}
},
{
"category": "product_version",
"name": "15",
"product": {
"name": "Oracle Retail Invoice Matching 15.0",
"product_id": "T012089",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:15.0"
}
}
},
{
"category": "product_version",
"name": "14.1",
"product": {
"name": "Oracle Retail Invoice Matching 14.1",
"product_id": "T014012",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:14.1"
}
}
}
],
"category": "product_name",
"name": "Retail Invoice Matching"
},
{
"branches": [
{
"category": "product_version",
"name": "2.9.5.6",
"product": {
"name": "Oracle Retail MICROS 2.9.5.6",
"product_id": "T014005",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:micros:2.9.5.6"
}
}
},
{
"category": "product_version",
"name": "2.9.5.7",
"product": {
"name": "Oracle Retail MICROS 2.9.5.7",
"product_id": "T014006",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:micros:2.9.5.7"
}
}
},
{
"category": "product_version",
"name": "11.4",
"product": {
"name": "Oracle Retail MICROS 11.4",
"product_id": "T014007",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:micros:11.4"
}
}
},
{
"category": "product_version",
"name": "12.1.2",
"product": {
"name": "Oracle Retail MICROS 12.1.2",
"product_id": "T014008",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:micros:12.1.2"
}
}
}
],
"category": "product_name",
"name": "Retail MICROS"
},
{
"branches": [
{
"category": "product_version",
"name": "1.60.9.0.0",
"product": {
"name": "Oracle Retail Workforce Management 1.60.9.0.0",
"product_id": "T014013",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_workforce_management:1.60.9.0.0"
}
}
}
],
"category": "product_name",
"name": "Retail Workforce Management"
},
{
"branches": [
{
"category": "product_version",
"name": "7",
"product": {
"name": "Oracle Retail Xstore Point of Service 7.0",
"product_id": "T012096",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_point-of-service:7.0"
}
}
},
{
"category": "product_version",
"name": "7.1",
"product": {
"name": "Oracle Retail Xstore Point of Service 7.1",
"product_id": "T012099",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_point-of-service:7.1"
}
}
}
],
"category": "product_name",
"name": "Retail Xstore Point of Service"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9515",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2014-9515"
},
{
"cve": "CVE-2015-9251",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2015-9251"
},
{
"cve": "CVE-2016-1000031",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2016-1000031"
},
{
"cve": "CVE-2017-5533",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2017-5533"
},
{
"cve": "CVE-2018-1000180",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-1000180"
},
{
"cve": "CVE-2018-1000613",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-1000613"
},
{
"cve": "CVE-2018-11763",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-11763"
},
{
"cve": "CVE-2018-11784",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-11784"
},
{
"cve": "CVE-2018-12022",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-12022"
},
{
"cve": "CVE-2018-12023",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-12023"
},
{
"cve": "CVE-2018-1304",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-1304"
},
{
"cve": "CVE-2018-1305",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-1305"
},
{
"cve": "CVE-2018-14718",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-14718"
},
{
"cve": "CVE-2018-14719",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-14719"
},
{
"cve": "CVE-2018-14720",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-14720"
},
{
"cve": "CVE-2018-14721",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-14721"
},
{
"cve": "CVE-2018-15756",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-15756"
},
{
"cve": "CVE-2018-19360",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-19360"
},
{
"cve": "CVE-2018-19361",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-19361"
},
{
"cve": "CVE-2018-19362",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-19362"
},
{
"cve": "CVE-2018-2880",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-2880"
},
{
"cve": "CVE-2018-3120",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-3120"
},
{
"cve": "CVE-2018-3312",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-3312"
},
{
"cve": "CVE-2018-3314",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-3314"
},
{
"cve": "CVE-2018-7489",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-7489"
},
{
"cve": "CVE-2018-8034",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-8034"
},
{
"cve": "CVE-2019-2424",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2019-2424"
},
{
"cve": "CVE-2019-2558",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2019-2558"
},
{
"cve": "CVE-2019-3772",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T004011",
"T004005",
"T014007",
"T014008",
"T014005",
"T014006",
"T012089",
"T014004",
"T014012",
"T034125",
"T012099",
"T014013",
"T012096",
"T001987",
"T001985",
"T001982"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2019-3772"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…