Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2016-4975
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23) Version: Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31) |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:46:40.035Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180926-0006/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us" }, { "name": "105093", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105093" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23)" }, { "status": "affected", "version": "Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)" } ] } ], "credits": [ { "lang": "en", "value": "The issue was discovered by Sergey Bobrov" } ], "datePublic": "2018-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://httpd.apache.org/security/impact_levels.html#moderate", "value": "moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "(undefined)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:11:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180926-0006/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us" }, { "name": "105093", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105093" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "title": "mod_userdir CRLF injection", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-08-14", "ID": "CVE-2016-4975", "STATE": "PUBLIC", "TITLE": "mod_userdir CRLF injection" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_value": "Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23)" }, { "version_value": "Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "The issue was discovered by Sergey Bobrov" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)." } ] }, "impact": [ { "lang": "eng", "url": "https://httpd.apache.org/security/impact_levels.html#moderate", "value": "moderate" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "(undefined)" } ] } ] }, "references": { "reference_data": [ { "name": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", "refsource": "CONFIRM", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975" }, { "name": "https://security.netapp.com/advisory/ntap-20180926-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180926-0006/" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us" }, { "name": "105093", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105093" }, { "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", "refsource": "CONFIRM", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2016-4975", "datePublished": "2018-08-14T13:00:00Z", "dateReserved": "2016-05-24T00:00:00", "dateUpdated": "2024-09-16T19:47:03.346Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2016-4975\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-08-14T12:29:00.220\",\"lastModified\":\"2024-11-21T02:53:20.620\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \\\"Location\\\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).\"},{\"lang\":\"es\",\"value\":\"Posible inyecci\u00f3n CRLF que permite ataques de separaci\u00f3n de respuesta HTTP para los sitios que emplean mod_userdir. Este problema fue mitigado gracias a los cambios realizados en las versiones 2.4.25 y 2.2.32, que proh\u00edben la inyecci\u00f3n CR o LF en \\\"Location\\\" o en otro tipo de clave o valor de cabecera saliente. Esto se ha solucionado en Apache HTTP Server 2.4.25 (2.4.1-2.4.23 afectadas). Esto se ha solucionado en Apache HTTP Server 2.2.32 (2.2.0-2.2.31 afectadas).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-93\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67AD11FB-529C-404E-A13B-284F145322B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCBBB7FE-35FC-4515-8393-5145339FCE4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F519633F-AB68-495A-B85E-FD41F9F752CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A894BED6-C97D-4DA4-A13D-9CB2B3306BC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34A847D1-5AD5-4EFD-B165-7602AFC1E656\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AF3A0F5-4E5C-4278-9927-1F94F25CCAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB63EBE5-CF14-491E-ABA5-67116DFE3E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C2A33DE-F55F-4FD8-BB00-9C1E006CA65C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CF6394-95D9-42AF-A442-385EFF9CEFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02B629FB-88C8-4E85-A137-28770F1E524E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03550EF0-DF89-42FE-BF0E-994514EBD947\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4886CCAB-6D4E-45C7-B177-2E8DBEA15531\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C35631AC-7C35-4F6A-A95A-3B080E5210ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CED2BA6-BE5E-4EF1-88EB-0DADD23D2EEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A71F4154-AD20-4EEA-9E2E-D3385C357DA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0B8C9DB-401E-42B3-BAED-D09A96DE9A90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"062C20A0-05A0-4164-8330-DF6ADFE607F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D345BA35-93BB-406F-B5DC-86E49FB29C22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ED4892F-C829-4BEA-AB82-6A78F6F2426D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00128AAD-E746-4DCD-8676-1381E5232220\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE0D7ABB-DE11-40D6-8AAF-C626DD7E3914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5252544F-7BDD-42EE-856E-B351B4B6D381\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58375DE5-F7EC-400D-84A2-CD70B72C4F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15233815-C037-41BB-A447-A078F83A93F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5444C583-CF83-4ECD-8DF8-66D8C1FCF096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C306D07-9DF3-4AD1-9984-ECA094D0F50E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"513A1C46-80FF-489C-AD31-F8F790C6D6C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"046487A3-752B-4D0F-8984-96486B828EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89D2E052-51CD-4B57-A8B8-FAE51988D654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAA27058-BACF-4F94-8E3C-7D38EC302EC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FEAB0DF-04A9-4F99-8666-0BADC5D642B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7D924D1-8A36-4C43-9E56-52814F9A6350\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39CDFECC-E26D-47E0-976F-6629040B3764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3ECBCB1-0675-41F5-857B-438F36925F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB6CBFBF-74F6-42AF-BC79-AA53EA75F00B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8717A96B-9DB5-48D6-A2CF-A5E2B26AF3F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1F45B27-504B-4202-87B8-BD3B094003F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2FB2B98-DFD2-420A-8A7F-9B288651242F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B803D25B-0A19-4569-BA05-09D58F33917C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8510442C-212F-4013-85FA-E0AB59F6F2C6\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105093\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180926-0006/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.securityfocus.com/bid/105093\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180926-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
rhsa-2018_2185
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this release as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 \nand CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2185", "url": "https://access.redhat.com/errata/RHSA-2018:2185" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/" }, { "category": "external", "summary": "1367340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367340" }, { "category": "external", "summary": "1369855", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369855" }, { "category": "external", "summary": "1377594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377594" }, { "category": "external", "summary": "1393929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393929" }, { "category": "external", "summary": "1416852", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416852" }, { "category": "external", "summary": "1416856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416856" }, { "category": "external", "summary": "1509169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509169" }, { "category": "external", "summary": "1523504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523504" }, { "category": "external", "summary": "1523510", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523510" }, { "category": "external", "summary": "JBCS-373", "url": "https://issues.redhat.com/browse/JBCS-373" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2185.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update", "tracking": { "current_release_date": "2024-11-22T11:16:03+00:00", "generator": { "date": "2024-11-22T11:16:03+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2185", "initial_release_date": "2018-07-12T16:14:46+00:00", "revision_history": [ { "date": "2018-07-12T16:14:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-07-12T16:14:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T11:16:03+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product": { "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el7?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.43-1.redhat_1.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "product_id": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "product": { "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "product_id": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "product_id": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "product": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "product": { "name": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "product_id": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-17.jbcs.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "product": { "name": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "product_id": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch" }, "product_reference": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-2182", "cwe": { "id": "CWE-391", "name": "Unchecked Error Condition" }, "discovery_date": "2016-08-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1367340" } ], "notes": [ { "category": "description", "text": "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-2182" }, { "category": "external", "summary": "RHBZ#1367340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2182", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2182" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2182" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20160922.txt", "url": "https://www.openssl.org/news/secadv/20160922.txt" } ], "release_date": "2016-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2185" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()" }, { "cve": "CVE-2016-4975", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2016-09-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375968" } ], "notes": [ { "category": "description", "text": "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4975" }, { "category": "external", "summary": "RHBZ#1375968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375968" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4975", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4975" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975" } ], "release_date": "2018-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2185" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir" }, { "cve": "CVE-2016-6302", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2016-08-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1369855" } ], "notes": [ { "category": "description", "text": "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Insufficient TLS session ticket HMAC length checks", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-6302" }, { "category": "external", "summary": "RHBZ#1369855", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369855" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-6302", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6302" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6302" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20160922.txt", "url": "https://www.openssl.org/news/secadv/20160922.txt" } ], "release_date": "2016-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2185" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Insufficient TLS session ticket HMAC length checks" }, { "acknowledgments": [ { "names": [ "the OpenSSL project" ] }, { "names": [ "Shi Lei" ], "organization": "Gear Team of Qihoo 360 Inc.", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2016-6306", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2016-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1377594" } ], "notes": [ { "category": "description", "text": "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: certificate message OOB reads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-6306" }, { "category": "external", "summary": "RHBZ#1377594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377594" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-6306", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6306" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6306" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20160922.txt", "url": "https://www.openssl.org/news/secadv/20160922.txt" } ], "release_date": "2016-09-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2185" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: certificate message OOB reads" }, { "acknowledgments": [ { "names": [ "the OpenSSL project" ] } ], "cve": "CVE-2016-7055", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "discovery_date": "2016-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1393929" } ], "notes": [ { "category": "description", "text": "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker\u0027s direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Carry propagating bug in Montgomery multiplication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-7055" }, { "category": "external", "summary": "RHBZ#1393929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7055", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7055" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20161110.txt", "url": "https://www.openssl.org/news/secadv/20161110.txt" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20170126.txt", "url": "https://www.openssl.org/news/secadv/20170126.txt" } ], "release_date": "2016-10-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2185" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: Carry propagating bug in Montgomery multiplication" }, { "cve": "CVE-2017-3731", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1416852" } ], "notes": [ { "category": "description", "text": "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Truncated packet could crash via OOB read", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3731" }, { "category": "external", "summary": "RHBZ#1416852", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416852" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3731", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3731" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20170126.txt", "url": "https://www.openssl.org/news/secadv/20170126.txt" } ], "release_date": "2017-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2185" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Truncated packet could crash via OOB read" }, { "cve": "CVE-2017-3732", "discovery_date": "2017-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1416856" } ], "notes": [ { "category": "description", "text": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: BN_mod_exp may produce incorrect results on x86_64", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3732" }, { "category": "external", "summary": "RHBZ#1416856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416856" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3732", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3732" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20170126.txt", "url": "https://www.openssl.org/news/secadv/20170126.txt" } ], "release_date": "2017-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2185" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: BN_mod_exp may produce incorrect results on x86_64" }, { "cve": "CVE-2017-3736", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "discovery_date": "2017-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1509169" } ], "notes": [ { "category": "description", "text": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: bn_sqrx8x_internal carry bug on x86_64", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3736" }, { "category": "external", "summary": "RHBZ#1509169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509169" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3736", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3736" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20171102.txt", "url": "https://www.openssl.org/news/secadv/20171102.txt" } ], "release_date": "2017-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2185" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: bn_sqrx8x_internal carry bug on x86_64" }, { "cve": "CVE-2017-3737", "cwe": { "id": "CWE-391", "name": "Unchecked Error Condition" }, "discovery_date": "2017-12-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1523504" } ], "notes": [ { "category": "description", "text": "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Read/write after SSL object in error state", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3737" }, { "category": "external", "summary": "RHBZ#1523504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523504" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3737", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3737" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20171207.txt", "url": "https://www.openssl.org/news/secadv/20171207.txt" } ], "release_date": "2017-12-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2185" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Read/write after SSL object in error state" }, { "cve": "CVE-2017-3738", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2017-12-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1523510" } ], "notes": [ { "category": "description", "text": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3738" }, { "category": "external", "summary": "RHBZ#1523510", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523510" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3738", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3738" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20171207.txt", "url": "https://www.openssl.org/news/secadv/20171207.txt" } ], "release_date": "2017-12-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2185" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64" } ] }
rhsa-2017_0906
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user\u0027s browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return \"400 Bad Request\" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive \"HttpProtocolOptions Unsafe\" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nBug Fix(es):\n\n* When waking up child processes during a graceful restart, the httpd parent process could attempt to open more connections than necessary if a large number of child processes had been active prior to the restart. Consequently, a graceful restart could take a long time to complete. With this update, httpd has been fixed to limit the number of connections opened during a graceful restart to the number of active children, and the described problem no longer occurs. (BZ#1420002)\n\n* Previously, httpd running in a container returned the 500 HTTP status code (Internal Server Error) when a connection to a WebSocket server was closed. As a consequence, the httpd server failed to deliver the correct HTTP status and data to a client. With this update, httpd correctly handles all proxied requests to the WebSocket server, and the described problem no longer occurs. (BZ#1429947)\n\n* In a configuration using LDAP authentication with the mod_authnz_ldap module, the name set using the AuthLDAPBindDN directive was not correctly used to bind to the LDAP server for all queries. Consequently, authorization attempts failed. The LDAP modules have been fixed to ensure the configured name is correctly bound for LDAP queries, and authorization using LDAP no longer fails. (BZ#1420047)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:0906", "url": "https://access.redhat.com/errata/RHSA-2017:0906" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1406744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744" }, { "category": "external", "summary": "1406753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753" }, { "category": "external", "summary": "1406822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822" }, { "category": "external", "summary": "1420002", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420002" }, { "category": "external", "summary": "1420047", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420047" }, { "category": "external", "summary": "1429947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429947" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0906.json" } ], "title": "Red Hat Security Advisory: httpd security and bug fix update", "tracking": { "current_release_date": "2024-11-22T10:45:56+00:00", "generator": { "date": "2024-11-22T10:45:56+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2017:0906", "initial_release_date": "2017-04-12T12:24:45+00:00", "revision_history": [ { "date": "2017-04-12T12:24:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-04-12T12:24:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T10:45:56+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "product": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "product": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "product_id": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "product": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "product_id": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-45.el7_3.4.x86_64", "product": { "name": "httpd-0:2.4.6-45.el7_3.4.x86_64", "product_id": "httpd-0:2.4.6-45.el7_3.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "product": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "product_id": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "product": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "product_id": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=x86_64" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-45.el7_3.4.x86_64", "product": { "name": "mod_session-0:2.4.6-45.el7_3.4.x86_64", "product_id": "mod_session-0:2.4.6-45.el7_3.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=x86_64" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "product": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "product_id": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.4.6-45.el7_3.4.noarch", "product": { "name": "httpd-manual-0:2.4.6-45.el7_3.4.noarch", "product_id": "httpd-manual-0:2.4.6-45.el7_3.4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.4.6-45.el7_3.4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.4.6-45.el7_3.4.src", "product": { "name": "httpd-0:2.4.6-45.el7_3.4.src", "product_id": "httpd-0:2.4.6-45.el7_3.4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "product": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=s390x" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-45.el7_3.4.s390x", "product": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.s390x", "product_id": "mod_ssl-1:2.4.6-45.el7_3.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-45.el7_3.4.s390x", "product": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.s390x", "product_id": "httpd-tools-0:2.4.6-45.el7_3.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=s390x" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-45.el7_3.4.s390x", "product": { "name": "httpd-0:2.4.6-45.el7_3.4.s390x", "product_id": "httpd-0:2.4.6-45.el7_3.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=s390x" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-45.el7_3.4.s390x", "product": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.s390x", "product_id": "httpd-devel-0:2.4.6-45.el7_3.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=s390x" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-45.el7_3.4.s390x", "product": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.s390x", "product_id": "mod_ldap-0:2.4.6-45.el7_3.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=s390x" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-45.el7_3.4.s390x", "product": { "name": "mod_session-0:2.4.6-45.el7_3.4.s390x", "product_id": "mod_session-0:2.4.6-45.el7_3.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=s390x" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "product": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "product_id": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "product": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "product": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "product_id": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "product": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "product_id": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-45.el7_3.4.ppc64", "product": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64", "product_id": "httpd-0:2.4.6-45.el7_3.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "product": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "product_id": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "product": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "product_id": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=ppc64" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64", "product": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64", "product_id": "mod_session-0:2.4.6-45.el7_3.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=ppc64" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "product": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "product_id": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=ppc64\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "product": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "product": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "product_id": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "product": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "product_id": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-45.el7_3.4.ppc64le", "product": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64le", "product_id": "httpd-0:2.4.6-45.el7_3.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "product": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "product_id": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "product": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "product_id": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64le", "product": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64le", "product_id": "mod_session-0:2.4.6-45.el7_3.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "product": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "product_id": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "product": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.4?arch=aarch64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "product": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "product_id": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.4?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "product": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "product_id": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.4?arch=aarch64" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-45.el7_3.4.aarch64", "product": { "name": "httpd-0:2.4.6-45.el7_3.4.aarch64", "product_id": "httpd-0:2.4.6-45.el7_3.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.4?arch=aarch64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "product": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "product_id": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.4?arch=aarch64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "product": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "product_id": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.4?arch=aarch64" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-45.el7_3.4.aarch64", "product": { "name": "mod_session-0:2.4.6-45.el7_3.4.aarch64", "product_id": "mod_session-0:2.4.6-45.el7_3.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.4?arch=aarch64" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "product": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "product_id": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.4?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.src", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch" }, "product_reference": "httpd-manual-0:2.4.6-45.el7_3.4.noarch", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Client-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.src", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch" }, "product_reference": "httpd-manual-0:2.4.6-45.el7_3.4.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.src", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch" }, "product_reference": "httpd-manual-0:2.4.6-45.el7_3.4.noarch", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.src", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch" }, "product_reference": "httpd-manual-0:2.4.6-45.el7_3.4.noarch", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Server-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.src", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch" }, "product_reference": "httpd-manual-0:2.4.6-45.el7_3.4.noarch", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.src", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-45.el7_3.4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch" }, "product_reference": "httpd-manual-0:2.4.6-45.el7_3.4.noarch", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.s390x", "relates_to_product_reference": "7Workstation-optional-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "relates_to_product_reference": "7Workstation-optional-7.3.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-0736", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2016-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1406744" } ], "notes": [ { "category": "description", "text": "It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user\u0027s browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Padding Oracle in Apache mod_session_crypto", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-0736" }, { "category": "external", "summary": "RHBZ#1406744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0736", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0736" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0736", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0736" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25" }, { "category": "external", "summary": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt", "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt" } ], "release_date": "2016-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-04-12T12:24:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0906" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Padding Oracle in Apache mod_session_crypto" }, { "cve": "CVE-2016-2161", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2016-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1406753" } ], "notes": [ { "category": "description", "text": "It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: DoS vulnerability in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-2161" }, { "category": "external", "summary": "RHBZ#1406753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2161", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2161" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2161", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2161" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25" } ], "release_date": "2016-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-04-12T12:24:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0906" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: DoS vulnerability in mod_auth_digest" }, { "cve": "CVE-2016-4975", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2016-09-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375968" } ], "notes": [ { "category": "description", "text": "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4975" }, { "category": "external", "summary": "RHBZ#1375968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375968" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4975", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4975" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975" } ], "release_date": "2018-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-04-12T12:24:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0906" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir" }, { "cve": "CVE-2016-8743", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2016-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1406822" } ], "notes": [ { "category": "description", "text": "It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Apache HTTP Request Parsing Whitespace Defects", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8743" }, { "category": "external", "summary": "RHBZ#1406822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8743", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8743" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25" } ], "release_date": "2016-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-04-12T12:24:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:0906" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" }, "products": [ "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Client-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Client-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7ComputeNode-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7ComputeNode-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Server-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Server-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.src", "7Workstation-optional-7.3.Z:httpd-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-debuginfo-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-devel-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:httpd-manual-0:2.4.6-45.el7_3.4.noarch", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:httpd-tools-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ldap-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_proxy_html-1:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_session-0:2.4.6-45.el7_3.4.x86_64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.aarch64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.ppc64le", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.s390x", "7Workstation-optional-7.3.Z:mod_ssl-1:2.4.6-45.el7_3.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Apache HTTP Request Parsing Whitespace Defects" } ] }
rhsa-2018_2486
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available.\n\nRed Hat Product Security has rated this release as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718)\n* curl: escape and unescape integer overflows (CVE-2016-7167)\n* curl: Cookie injection for other servers (CVE-2016-8615)\n* curl: Case insensitive password comparison (CVE-2016-8616)\n* curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)\n* curl: Double-free in curl_maprintf (CVE-2016-8618)\n* curl: Double-free in krb5 code (CVE-2016-8619)\n* curl: curl_getdate out-of-bounds read (CVE-2016-8621)\n* curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)\n* curl: Use-after-free via shared cookies (CVE-2016-8623)\n* curl: Invalid URL parsing with \u0027#\u0027 (CVE-2016-8624)\n* curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)\n* libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598)\n* pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004)\n* pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)\n* pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246)\n* curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)\n* curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)\n* curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500)\n\nDetails around this issue, including information about the CVE, severity of\nthe issue, and the CVSS score can be found on the CVE page listed in the\nReference section below.\n\nThe following packages have been upgraded to a newer upstream version:\n* Curl (7.57.0)\n* OpenSSL (1.0.2n)\n* Expat (2.2.5)\n* PCRE (8.41)\n* libxml2 (2.9.7)\n\nAcknowledgements:\n\nCVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue.\nUpstream acknowledges Max Dymond as the original reporter.\nCVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter.\nCVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2486", "url": "https://access.redhat.com/errata/RHSA-2018:2486" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/" }, { "category": "external", "summary": "1296102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102" }, { "category": "external", "summary": "1375906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375906" }, { "category": "external", "summary": "1388370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388370" }, { "category": "external", "summary": "1388371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388371" }, { "category": "external", "summary": "1388377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388377" }, { "category": "external", "summary": "1388378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388378" }, { "category": "external", "summary": "1388379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388379" }, { "category": "external", "summary": "1388385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388385" }, { "category": "external", "summary": "1388386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388386" }, { "category": "external", "summary": "1388388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388388" }, { "category": "external", "summary": "1388390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388390" }, { "category": "external", "summary": "1388392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388392" }, { "category": "external", "summary": "1408306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306" }, { "category": "external", "summary": "1425365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1425365" }, { "category": "external", "summary": "1434504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434504" }, { "category": "external", "summary": "1437364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437364" }, { "category": "external", "summary": "1437367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437367" }, { "category": "external", "summary": "1437369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437369" }, { "category": "external", "summary": "1495541", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495541" }, { "category": "external", "summary": "1503705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503705" }, { "category": "external", "summary": "1597101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597101" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2486.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", "tracking": { "current_release_date": "2024-11-22T12:14:14+00:00", "generator": { "date": "2024-11-22T12:14:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2486", "initial_release_date": "2018-08-16T16:06:16+00:00", "revision_history": [ { "date": "2018-08-16T16:06:16+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-08-16T16:06:16+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T12:14:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services 1", "product": { "name": "Red Hat JBoss Core Services 1", "product_id": "Red Hat JBoss Core Services 1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Gustavo Grieco" ] } ], "cve": "CVE-2016-0718", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2016-01-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1296102" } ], "notes": [ { "category": "description", "text": "An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: Out-of-bounds heap read on crafted input causing crash", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-0718" }, { "category": "external", "summary": "RHBZ#1296102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0718", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0718" } ], "release_date": "2016-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: Out-of-bounds heap read on crafted input causing crash" }, { "cve": "CVE-2016-4975", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2016-09-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375968" } ], "notes": [ { "category": "description", "text": "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4975" }, { "category": "external", "summary": "RHBZ#1375968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375968" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4975", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4975" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975" } ], "release_date": "2018-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir" }, { "cve": "CVE-2016-5131", "discovery_date": "2016-07-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1358641" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use after free triggered by XPointer paths beginning with range-to", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5131" }, { "category": "external", "summary": "RHBZ#1358641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358641" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5131", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5131", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5131" }, { "category": "external", "summary": "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", "url": "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html" } ], "release_date": "2016-07-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libxml2: Use after free triggered by XPointer paths beginning with range-to" }, { "cve": "CVE-2016-7167", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2016-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375906" } ], "notes": [ { "category": "description", "text": "Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: escape and unescape integer overflows", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-7167" }, { "category": "external", "summary": "RHBZ#1375906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375906" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7167", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7167" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20160914.html", "url": "https://curl.haxx.se/docs/adv_20160914.html" } ], "release_date": "2016-09-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: escape and unescape integer overflows" }, { "cve": "CVE-2016-8615", "cwe": { "id": "CWE-99", "name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)" }, "discovery_date": "2016-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1388370" } ], "notes": [ { "category": "description", "text": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: Cookie injection for other servers", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8615" }, { "category": "external", "summary": "RHBZ#1388370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388370" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8615", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8615" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8615", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8615" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20161102A.html", "url": "https://curl.haxx.se/docs/adv_20161102A.html" } ], "release_date": "2016-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: Cookie injection for other servers" }, { "cve": "CVE-2016-8616", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2016-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1388371" } ], "notes": [ { "category": "description", "text": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: Case insensitive password comparison", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8616" }, { "category": "external", "summary": "RHBZ#1388371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8616", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8616" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8616", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8616" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20161102B.html", "url": "https://curl.haxx.se/docs/adv_20161102B.html" } ], "release_date": "2016-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: Case insensitive password comparison" }, { "cve": "CVE-2016-8617", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2016-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1388377" } ], "notes": [ { "category": "description", "text": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: Out-of-bounds write via unchecked multiplication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8617" }, { "category": "external", "summary": "RHBZ#1388377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388377" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8617", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8617" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8617", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8617" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20161102C.html", "url": "https://curl.haxx.se/docs/adv_20161102C.html" } ], "release_date": "2016-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: Out-of-bounds write via unchecked multiplication" }, { "cve": "CVE-2016-8618", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2016-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1388378" } ], "notes": [ { "category": "description", "text": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: Double-free in curl_maprintf", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8618" }, { "category": "external", "summary": "RHBZ#1388378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388378" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8618", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8618" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8618", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8618" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20161102D.html", "url": "https://curl.haxx.se/docs/adv_20161102D.html" } ], "release_date": "2016-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: Double-free in curl_maprintf" }, { "cve": "CVE-2016-8619", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2016-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1388379" } ], "notes": [ { "category": "description", "text": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: Double-free in krb5 code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8619" }, { "category": "external", "summary": "RHBZ#1388379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388379" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8619", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8619" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8619", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8619" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20161102E.html", "url": "https://curl.haxx.se/docs/adv_20161102E.html" } ], "release_date": "2016-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: Double-free in krb5 code" }, { "cve": "CVE-2016-8621", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2016-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1388385" } ], "notes": [ { "category": "description", "text": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: curl_getdate out-of-bounds read", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8621" }, { "category": "external", "summary": "RHBZ#1388385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388385" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8621", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8621" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8621", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8621" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20161102G.html", "url": "https://curl.haxx.se/docs/adv_20161102G.html" } ], "release_date": "2016-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: curl_getdate out-of-bounds read" }, { "cve": "CVE-2016-8622", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2016-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1388386" } ], "notes": [ { "category": "description", "text": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: URL unescape heap overflow via integer truncation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8622" }, { "category": "external", "summary": "RHBZ#1388386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388386" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8622", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8622" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8622", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8622" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20161102H.html", "url": "https://curl.haxx.se/docs/adv_20161102H.html" } ], "release_date": "2016-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: URL unescape heap overflow via integer truncation" }, { "cve": "CVE-2016-8623", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2016-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1388388" } ], "notes": [ { "category": "description", "text": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: Use-after-free via shared cookies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8623" }, { "category": "external", "summary": "RHBZ#1388388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8623", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8623" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8623", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8623" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20161102I.html", "url": "https://curl.haxx.se/docs/adv_20161102I.html" } ], "release_date": "2016-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: Use-after-free via shared cookies" }, { "cve": "CVE-2016-8624", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2016-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1388390" } ], "notes": [ { "category": "description", "text": "curl before version 7.51.0 doesn\u0027t parse the authority component of the URL correctly when the host name part ends with a \u0027#\u0027 character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: Invalid URL parsing with \u0027#\u0027", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8624" }, { "category": "external", "summary": "RHBZ#1388390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388390" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8624", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8624" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8624", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8624" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20161102J.html", "url": "https://curl.haxx.se/docs/adv_20161102J.html" } ], "release_date": "2016-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: Invalid URL parsing with \u0027#\u0027" }, { "cve": "CVE-2016-8625", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2016-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1388392" } ], "notes": [ { "category": "description", "text": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: IDNA 2003 makes curl use wrong host", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-8625" }, { "category": "external", "summary": "RHBZ#1388392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8625", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8625" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8625", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8625" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20161102K.html", "url": "https://curl.haxx.se/docs/adv_20161102K.html" } ], "release_date": "2016-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: IDNA 2003 makes curl use wrong host" }, { "cve": "CVE-2016-9318", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2016-11-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1395609" } ], "notes": [ { "category": "description", "text": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: XML External Entity vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9318" }, { "category": "external", "summary": "RHBZ#1395609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9318", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9318", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9318" } ], "release_date": "2016-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" }, { "category": "workaround", "details": "Application parsing untrusted input with libxml2 should be careful to NOT use entity expansion (enabled by XML_PARSE_NOENT) or DTD validation (XML_PARSE_DTDLOAD, XML_PARSE_DTDVALID) on such input.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: XML External Entity vulnerability" }, { "cve": "CVE-2016-9596", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2016-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1408302" } ], "notes": [ { "category": "description", "text": "libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9596" }, { "category": "external", "summary": "RHBZ#1408302", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408302" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9596", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9596" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9596", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9596" } ], "release_date": "2016-03-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)" }, { "cve": "CVE-2016-9597", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2016-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1408305" } ], "notes": [ { "category": "description", "text": "It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9597" }, { "category": "external", "summary": "RHBZ#1408305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9597", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9597" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9597", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9597" } ], "release_date": "2016-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)" }, { "cve": "CVE-2016-9598", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2016-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1408306" } ], "notes": [ { "category": "description", "text": "libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-9598" }, { "category": "external", "summary": "RHBZ#1408306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-9598", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9598" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9598", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9598" } ], "release_date": "2016-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)" }, { "cve": "CVE-2017-6004", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1425365" } ], "notes": [ { "category": "description", "text": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-6004" }, { "category": "external", "summary": "RHBZ#1425365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1425365" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-6004", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-6004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6004" } ], "release_date": "2017-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)" }, { "cve": "CVE-2017-7186", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1434504" } ], "notes": [ { "category": "description", "text": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7186" }, { "category": "external", "summary": "RHBZ#1434504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434504" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7186", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7186" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7186", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7186" } ], "release_date": "2017-02-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)" }, { "cve": "CVE-2017-7244", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1437364" } ], "notes": [ { "category": "description", "text": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7244" }, { "category": "external", "summary": "RHBZ#1437364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7244", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7244" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7244", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7244" }, { "category": "external", "summary": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", "url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/" } ], "release_date": "2017-03-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)" }, { "cve": "CVE-2017-7245", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1437367" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcre: stack-based buffer overflow write in pcre32_copy_substring", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7245" }, { "category": "external", "summary": "RHBZ#1437367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437367" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7245", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7245" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7245", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7245" }, { "category": "external", "summary": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", "url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/" } ], "release_date": "2017-03-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "pcre: stack-based buffer overflow write in pcre32_copy_substring" }, { "cve": "CVE-2017-7246", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1437369" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcre: stack-based buffer overflow write in pcre32_copy_substring", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7246" }, { "category": "external", "summary": "RHBZ#1437369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437369" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7246", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7246" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7246", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7246" }, { "category": "external", "summary": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", "url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/" } ], "release_date": "2017-03-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "pcre: stack-based buffer overflow write in pcre32_copy_substring" }, { "cve": "CVE-2017-9047", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2017-05-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1452554" } ], "notes": [ { "category": "description", "text": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer \u0027buf\u0027 of size \u0027size\u0027. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses \u0027len\u0027 rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Buffer overflow in function xmlSnprintfElementContent", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9047" }, { "category": "external", "summary": "RHBZ#1452554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9047", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9047" } ], "release_date": "2017-05-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Buffer overflow in function xmlSnprintfElementContent" }, { "cve": "CVE-2017-9048", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "discovery_date": "2017-05-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1452549" } ], "notes": [ { "category": "description", "text": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer \u0027buf\u0027 of size \u0027size\u0027. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9048" }, { "category": "external", "summary": "RHBZ#1452549", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452549" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9048", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9048" } ], "release_date": "2017-05-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent" }, { "cve": "CVE-2017-9049", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-05-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1452556" } ], "notes": [ { "category": "description", "text": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9049" }, { "category": "external", "summary": "RHBZ#1452556", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452556" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9049", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9049" } ], "release_date": "2017-05-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey" }, { "cve": "CVE-2017-9050", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-05-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1452553" } ], "notes": [ { "category": "description", "text": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Heap-based buffer over-read in function xmlDictAddString", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9050" }, { "category": "external", "summary": "RHBZ#1452553", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452553" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9050", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9050" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9050" } ], "release_date": "2017-05-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Heap-based buffer over-read in function xmlDictAddString" }, { "cve": "CVE-2017-18258", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2018-04-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1566749" } ], "notes": [ { "category": "description", "text": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-18258" }, { "category": "external", "summary": "RHBZ#1566749", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566749" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-18258", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258" } ], "release_date": "2017-09-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c" }, { "acknowledgments": [ { "names": [ "the Curl project" ] }, { "names": [ "Max Dymond" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2017-1000254", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-09-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1495541" } ], "notes": [ { "category": "description", "text": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: FTP PWD response parser out of bounds read", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-1000254" }, { "category": "external", "summary": "RHBZ#1495541", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495541" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-1000254", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000254" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000254", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000254" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20171004.html", "url": "https://curl.haxx.se/docs/adv_20171004.html" } ], "release_date": "2017-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: FTP PWD response parser out of bounds read" }, { "acknowledgments": [ { "names": [ "the Curl project" ] }, { "names": [ "Brian Carpenter", "the OSS-Fuzz project" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2017-1000257", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1503705" } ], "notes": [ { "category": "description", "text": "A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: IMAP FETCH response out of bounds read", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-1000257" }, { "category": "external", "summary": "RHBZ#1503705", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503705" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-1000257", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000257" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20171023.html", "url": "https://curl.haxx.se/docs/adv_20171023.html" } ], "release_date": "2017-10-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" }, { "category": "workaround", "details": "Switch off IMAP in `CURLOPT_PROTOCOLS`", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: IMAP FETCH response out of bounds read" }, { "acknowledgments": [ { "names": [ "the Curl project" ] }, { "names": [ "Peter Wu" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2018-0500", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2018-07-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1597101" } ], "notes": [ { "category": "description", "text": "A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of curl/libcurl as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the vulnerable code.\n\nThis issue did not affect the versions of curl/libcurl as shipped with Red Hat Software Collections 3 as they did not include the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-0500" }, { "category": "external", "summary": "RHBZ#1597101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597101" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0500", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0500" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0500", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0500" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_2018-70a2.html", "url": "https://curl.haxx.se/docs/adv_2018-70a2.html" } ], "release_date": "2018-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-16T16:06:16+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP" } ] }
rhsa-2018_2186
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this release as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 \nand CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2186", "url": "https://access.redhat.com/errata/RHSA-2018:2186" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/" }, { "category": "external", "summary": "1367340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367340" }, { "category": "external", "summary": "1369855", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369855" }, { "category": "external", "summary": "1377594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377594" }, { "category": "external", "summary": "1393929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393929" }, { "category": "external", "summary": "1416852", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416852" }, { "category": "external", "summary": "1416856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416856" }, { "category": "external", "summary": "1509169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509169" }, { "category": "external", "summary": "1523504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523504" }, { "category": "external", "summary": "1523510", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523510" }, { "category": "external", "summary": "JBCS-372", "url": "https://issues.redhat.com/browse/JBCS-372" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2186.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update", "tracking": { "current_release_date": "2024-11-22T11:15:56+00:00", "generator": { "date": "2024-11-22T11:15:56+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2186", "initial_release_date": "2018-07-12T16:14:52+00:00", "revision_history": [ { "date": "2018-07-12T16:14:52+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-07-12T16:14:52+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T11:15:56+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 6 Server", "product": { "name": "Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el6?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "product_id": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el6?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "product": { "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "product_id": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "product": { "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "product_id": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "product": { "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "product_id": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.43-1.redhat_1.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "product_id": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "product_id": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el6?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "product": { "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "product_id": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "product_id": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "product": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el6?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "product": { "name": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "product_id": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-17.jbcs.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "product": { "name": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "product_id": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch" }, "product_reference": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-2182", "cwe": { "id": "CWE-391", "name": "Unchecked Error Condition" }, "discovery_date": "2016-08-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1367340" } ], "notes": [ { "category": "description", "text": "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-2182" }, { "category": "external", "summary": "RHBZ#1367340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2182", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2182" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2182" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20160922.txt", "url": "https://www.openssl.org/news/secadv/20160922.txt" } ], "release_date": "2016-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:52+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2186" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()" }, { "cve": "CVE-2016-4975", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2016-09-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1375968" } ], "notes": [ { "category": "description", "text": "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4975" }, { "category": "external", "summary": "RHBZ#1375968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375968" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4975", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4975" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975" } ], "release_date": "2018-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:52+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2186" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir" }, { "cve": "CVE-2016-6302", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2016-08-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1369855" } ], "notes": [ { "category": "description", "text": "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Insufficient TLS session ticket HMAC length checks", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-6302" }, { "category": "external", "summary": "RHBZ#1369855", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369855" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-6302", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6302" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6302" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20160922.txt", "url": "https://www.openssl.org/news/secadv/20160922.txt" } ], "release_date": "2016-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:52+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2186" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Insufficient TLS session ticket HMAC length checks" }, { "acknowledgments": [ { "names": [ "the OpenSSL project" ] }, { "names": [ "Shi Lei" ], "organization": "Gear Team of Qihoo 360 Inc.", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2016-6306", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2016-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1377594" } ], "notes": [ { "category": "description", "text": "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: certificate message OOB reads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-6306" }, { "category": "external", "summary": "RHBZ#1377594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377594" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-6306", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6306" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6306" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20160922.txt", "url": "https://www.openssl.org/news/secadv/20160922.txt" } ], "release_date": "2016-09-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:52+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2186" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: certificate message OOB reads" }, { "acknowledgments": [ { "names": [ "the OpenSSL project" ] } ], "cve": "CVE-2016-7055", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "discovery_date": "2016-10-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1393929" } ], "notes": [ { "category": "description", "text": "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker\u0027s direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Carry propagating bug in Montgomery multiplication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-7055" }, { "category": "external", "summary": "RHBZ#1393929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7055", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7055" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20161110.txt", "url": "https://www.openssl.org/news/secadv/20161110.txt" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20170126.txt", "url": "https://www.openssl.org/news/secadv/20170126.txt" } ], "release_date": "2016-10-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:52+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2186" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: Carry propagating bug in Montgomery multiplication" }, { "cve": "CVE-2017-3731", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1416852" } ], "notes": [ { "category": "description", "text": "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Truncated packet could crash via OOB read", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3731" }, { "category": "external", "summary": "RHBZ#1416852", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416852" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3731", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3731" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20170126.txt", "url": "https://www.openssl.org/news/secadv/20170126.txt" } ], "release_date": "2017-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:52+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2186" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Truncated packet could crash via OOB read" }, { "cve": "CVE-2017-3732", "discovery_date": "2017-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1416856" } ], "notes": [ { "category": "description", "text": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: BN_mod_exp may produce incorrect results on x86_64", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3732" }, { "category": "external", "summary": "RHBZ#1416856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416856" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3732", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3732" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20170126.txt", "url": "https://www.openssl.org/news/secadv/20170126.txt" } ], "release_date": "2017-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:52+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2186" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: BN_mod_exp may produce incorrect results on x86_64" }, { "cve": "CVE-2017-3736", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "discovery_date": "2017-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1509169" } ], "notes": [ { "category": "description", "text": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: bn_sqrx8x_internal carry bug on x86_64", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3736" }, { "category": "external", "summary": "RHBZ#1509169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1509169" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3736", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3736" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20171102.txt", "url": "https://www.openssl.org/news/secadv/20171102.txt" } ], "release_date": "2017-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:52+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2186" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: bn_sqrx8x_internal carry bug on x86_64" }, { "cve": "CVE-2017-3737", "cwe": { "id": "CWE-391", "name": "Unchecked Error Condition" }, "discovery_date": "2017-12-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1523504" } ], "notes": [ { "category": "description", "text": "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Read/write after SSL object in error state", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3737" }, { "category": "external", "summary": "RHBZ#1523504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523504" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3737", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3737" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20171207.txt", "url": "https://www.openssl.org/news/secadv/20171207.txt" } ], "release_date": "2017-12-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:52+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2186" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Read/write after SSL object in error state" }, { "cve": "CVE-2017-3738", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2017-12-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1523510" } ], "notes": [ { "category": "description", "text": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3738" }, { "category": "external", "summary": "RHBZ#1523510", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523510" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3738", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3738" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20171207.txt", "url": "https://www.openssl.org/news/secadv/20171207.txt" } ], "release_date": "2017-12-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-12T16:14:52+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2186" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64" } ] }
cve-2016-4975
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-008607.html", "dc:date": "2019-07-25T14:14+09:00", "dcterms:issued": "2017-06-30T15:55+09:00", "dcterms:modified": "2019-07-25T14:14+09:00", "description": "A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.", "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-008607.html", "sec:cpe": [ { "#text": "cpe:/a:apache:http_server", "@product": "Apache HTTP Server", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_http_server", "@product": "Cosminexus HTTP Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_application_server", "@product": "Hitachi Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_application_server_for_developers", "@product": "Hitachi Application Server for Developers", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:it_operations_director", "@product": "Hitachi IT Operations Director", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management", "@product": "Job Management Partner 1/IT Desktop Management", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-manager", "@product": "Job Management Partner 1/IT Desktop Management - Manager", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:job_management_partner_1_integrated_management", "@product": "Job Management Partner 1/Integrated Management", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:job_management_partner_1_performance_management_web_console", "@product": "Job Management Partner 1/Performance Management - Web Console", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:jp1%2fautomatic_operation", "@product": "JP1/Automatic Operation", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:jp1%2Fit_desktop_management-manager", "@product": "JP1/IT Desktop Management - Manager", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:jp1%2fperformance_management", "@product": "JP1/Performance Management", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:jp1_automatic_job_management_system_3", "@product": "JP1/Automatic Job Management System 3", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:jp1_integrated_management", "@product": "JP1/Integrated Management", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:jp1_it_desktop_management", "@product": "JP1/IT Desktop Management", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:jp1_operation_analytics", "@product": "JP1/Operations Analytics", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:jp1_service_support", "@product": "JP1/Service Support", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise", "@product": "uCosminexus Application Server Enterprise", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition", "@product": "uCosminexus Application Server Smart Edition", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard", "@product": "uCosminexus Application Server Standard", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer_light", "@product": "uCosminexus Developer Light", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer_standard", "@product": "uCosminexus Developer Standard", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_primary_server", "@product": "uCosminexus Primary Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service_architect", "@product": "uCosminexus Service Architect", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service_platform", "@product": "uCosminexus Service Platform", "@vendor": "Hitachi, Ltd", "@version": "2.2" } ], "sec:cvss": [ { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2016-008607", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743", "@id": "CVE-2016-8743", "@source": "CVE" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975", "@id": "CVE-2016-4975", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743", "@id": "CVE-2016-8743", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", "@id": "CVE-2016-4975", "@source": "NVD" }, { "#text": "https://cwe.mitre.org/data/definitions/19.html", "@id": "CWE-19", "@title": "Data Handling(CWE-19)" } ], "title": "Vulnerability in Cosminexus HTTP Server and Hitachi Web Server" }
var-201808-0004
Vulnerability from variot
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0004", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.4.4" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.4.6" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.4.20" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.4.16" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.4.17" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.4.18" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.4.10" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.4.12" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.4.9" }, { "model": "http server", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.4.23" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.27" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.14" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.21" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.22" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.31" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.4.7" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.4" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.18" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.4.2" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.11" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.10" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.29" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.12" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.16" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.9" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.19" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.2" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.23" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.3" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.24" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.6" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.4.1" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.4.3" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.13" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.26" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.8" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.17" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.25" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.15" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.20" }, { "model": "webotx", "scope": null, "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": null }, { "model": "hitachi it operations director", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jp1/integrated management", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus developer", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jp1/service support", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "istorage", "scope": null, "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": null }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "hitachi application server", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jp1/operations analytics", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jp1/it desktop management - manager", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jp1/it desktop management", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus primary server", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "simpwright", "scope": null, "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": null }, { "model": "spoolserver\u30b7\u30ea\u30fc\u30ba", "scope": null, "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": null }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "job management partner 1/it desktop management", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "mailshooter", "scope": null, "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "csview", "scope": null, "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": null }, { "model": "job management partner 1/performance management - web console", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jp1/automatic job management system 3", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "hitachi application server for developers", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus service platform", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "http server", "scope": null, "trust": 0.8, "vendor": "apache", "version": null }, { "model": "job management partner 1/it desktop management - manager", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "job management partner 1/integrated management", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus application server", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jp1/automatic operation", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jp1/performance management", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "hitachi web server", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.23" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.20" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.18" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.17" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.16" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.31" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.27" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.26" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.25" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.24" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.23" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.15" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.14" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.13" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.9" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.9" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.7" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.29" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.22" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.21" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.20" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.19" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.18" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.17" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.16" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.4.25" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.2.32" } ], "sources": [ { "db": "BID", "id": "105093" }, { "db": "JVNDB", "id": "JVNDB-2016-008607" }, { "db": "NVD", "id": "CVE-2016-4975" }, { "db": "CNNVD", "id": "CNNVD-201808-445" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-4975" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sergey Bobrov", "sources": [ { "db": "BID", "id": "105093" } ], "trust": 0.3 }, "cve": "CVE-2016-4975", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "VENDOR", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2016-008607", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2016-4975", "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "VENDOR", "availabilityImpact": "None", "baseScore": 4.0, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2016-008607", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-4975", "trust": 1.0, "value": "MEDIUM" }, { "author": "VENDOR", "id": "JVNDB-2016-008607", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201808-445", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-4975", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-4975" }, { "db": "JVNDB", "id": "JVNDB-2016-008607" }, { "db": "NVD", "id": "CVE-2016-4975" }, { "db": "CNNVD", "id": "CNNVD-201808-445" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). \nAttackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust", "sources": [ { "db": "NVD", "id": "CVE-2016-4975" }, { "db": "JVNDB", "id": "JVNDB-2016-008607" }, { "db": "BID", "id": "105093" }, { "db": "VULMON", "id": "CVE-2016-4975" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-4975", "trust": 3.6 }, { "db": "BID", "id": "105093", "trust": 1.9 }, { "db": "JVN", "id": "JVNVU99304449", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-008607", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.1415", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201808-445", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2016-4975", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-4975" }, { "db": "BID", "id": "105093" }, { "db": "JVNDB", "id": "JVNDB-2016-008607" }, { "db": "NVD", "id": "CVE-2016-4975" }, { "db": "CNNVD", "id": "CNNVD-201808-445" } ] }, "id": "VAR-201808-0004", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.206875005 }, "last_update_date": "2023-12-18T11:34:42.182000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2018-103", "trust": 0.8, "url": "https://httpd.apache.org/security/vulnerabilities_24.html#cve-2016-8743" }, { "title": "Apache HTTP Server Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83901" }, { "title": "Red Hat: CVE-2016-4975", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-4975" }, { "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182186 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182185 - security advisory" }, { "title": "IBM: IBM Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=38227211accce022b0a3d9b56a974186" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182486 - security advisory" }, { "title": "", "trust": 0.1, "url": "https://github.com/tom-riddle0/crlf " }, { "title": "Pentest-Cheetsheet", "trust": 0.1, "url": "https://github.com/mrfrozenpepe/pentest-cheetsheet " }, { "title": "DC-3-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-3-vulnhub-walkthrough " }, { "title": "DC-2-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-2-vulnhub-walkthrough " }, { "title": "DC-1-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-1-vulnhub-walkthrough " }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " }, { "title": "", "trust": 0.1, "url": "https://github.com/secureaxom/strike " }, { "title": "", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " }, { "title": "Basic-Pentesting-2-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/basic-pentesting-2-vulnhub-walkthrough " }, { "title": "", "trust": 0.1, "url": "https://github.com/bioly230/thm_skynet " }, { "title": "Basic-Pentesting-2", "trust": 0.1, "url": "https://github.com/vshaliii/basic-pentesting-2 " }, { "title": "", "trust": 0.1, "url": "https://github.com/nikulinms/13-01-hw " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-4975" }, { "db": "JVNDB", "id": "JVNDB-2016-008607" }, { "db": "CNNVD", "id": "CNNVD-201808-445" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-93", "trust": 1.0 }, { "problemtype": "Data processing (CWE-19) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008607" }, { "db": "NVD", "id": "CVE-2016-4975" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.securityfocus.com/bid/105093" }, { "trust": 1.6, "url": "https://security.netapp.com/advisory/ntap-20180926-0006/" }, { "trust": 1.6, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03908en_us" }, { "trust": 1.3, "url": "https://httpd.apache.org/security/vulnerabilities_24.html#cve-2016-4975" }, { "trust": 1.0, "url": "https://httpd.apache.org/security/vulnerabilities_22.html#cve-2016-4975" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99304449/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8743" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4975" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_22.html#cve-2016-4975" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_24.html#cve-2016-4975" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10715641" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/79678" }, { "trust": 0.3, "url": "http://www.apache.org/" } ], "sources": [ { "db": "BID", "id": "105093" }, { "db": "JVNDB", "id": "JVNDB-2016-008607" }, { "db": "NVD", "id": "CVE-2016-4975" }, { "db": "CNNVD", "id": "CNNVD-201808-445" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-4975" }, { "db": "BID", "id": "105093" }, { "db": "JVNDB", "id": "JVNDB-2016-008607" }, { "db": "NVD", "id": "CVE-2016-4975" }, { "db": "CNNVD", "id": "CNNVD-201808-445" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-14T00:00:00", "db": "VULMON", "id": "CVE-2016-4975" }, { "date": "2018-08-14T00:00:00", "db": "BID", "id": "105093" }, { "date": "2017-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008607" }, { "date": "2018-08-14T12:29:00.220000", "db": "NVD", "id": "CVE-2016-4975" }, { "date": "2018-08-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-445" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-4975" }, { "date": "2018-08-14T00:00:00", "db": "BID", "id": "105093" }, { "date": "2023-06-29T00:58:00", "db": "JVNDB", "id": "JVNDB-2016-008607" }, { "date": "2023-11-07T02:32:51.933000", "db": "NVD", "id": "CVE-2016-4975" }, { "date": "2021-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-445" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-445" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cosminexus\u00a0HTTP\u00a0Server\u00a0 and \u00a0Hitachi\u00a0Web\u00a0Server\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008607" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-445" } ], "trust": 0.6 } }
ghsa-crcg-r773-w4rv
Vulnerability from github
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
{ "affected": [], "aliases": [ "CVE-2016-4975" ], "database_specific": { "cwe_ids": [ "CWE-93" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2018-08-14T12:29:00Z", "severity": "MODERATE" }, "details": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).", "id": "GHSA-crcg-r773-w4rv", "modified": "2022-05-13T01:09:44Z", "published": "2022-05-13T01:09:44Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975" }, { "type": "WEB", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20180926-0006" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/105093" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }
gsd-2016-4975
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2016-4975", "description": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).", "id": "GSD-2016-4975", "references": [ "https://www.suse.com/security/cve/CVE-2016-4975.html", "https://access.redhat.com/errata/RHSA-2018:2486", "https://access.redhat.com/errata/RHSA-2018:2186", "https://access.redhat.com/errata/RHSA-2018:2185", "https://access.redhat.com/errata/RHSA-2017:0906" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2016-4975" ], "details": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).", "id": "GSD-2016-4975", "modified": "2023-12-13T01:21:19.045552Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-08-14", "ID": "CVE-2016-4975", "STATE": "PUBLIC", "TITLE": "mod_userdir CRLF injection" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_value": "Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23)" }, { "version_value": "Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "The issue was discovered by Sergey Bobrov" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)." } ] }, "impact": [ { "lang": "eng", "url": "https://httpd.apache.org/security/impact_levels.html#moderate", "value": "moderate" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "(undefined)" } ] } ] }, "references": { "reference_data": [ { "name": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", "refsource": "CONFIRM", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975" }, { "name": "https://security.netapp.com/advisory/ntap-20180926-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180926-0006/" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us" }, { "name": "105093", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105093" }, { "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", "refsource": "CONFIRM", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2016-4975" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-93" } ] } ] }, "references": { "reference_data": [ { "name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975" }, { "name": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975" }, { "name": "105093", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105093" }, { "name": "https://security.netapp.com/advisory/ntap-20180926-0006/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180926-0006/" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us", "refsource": "CONFIRM", "tags": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [10/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [10/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } }, "lastModifiedDate": "2021-06-06T11:15Z", "publishedDate": "2018-08-14T12:29Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.