Action not permitted
Modal body text goes here.
cve-2017-9788
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Apache Software Foundation | Apache HTTP Server |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:18:02.177Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3113", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT208221" }, { "name": "RHSA-2017:2479", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "name": "RHSA-2017:2483", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170911-0002/" }, { "name": "RHSA-2017:3240", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "name": "RHSA-2017:2709", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "name": "RHSA-2017:3195", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "name": "[announce] 20170713 CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E" }, { "name": "99569", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99569" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3239", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "name": "RHSA-2017:3114", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "RHSA-2017:3194", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "name": "1038906", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038906" }, { "name": "RHSA-2017:3193", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "name": "RHSA-2017:2710", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "name": "DSA-3913", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3913" }, { "name": "RHSA-2017:2708", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "name": "GLSA-201710-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-32" }, { "name": "RHSA-2017:2478", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2019-09" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "2.2.0 to 2.2.33" }, { "status": "affected", "version": "2.4.1 to 2.4.26" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \u0027Digest\u0027 was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no \u0027=\u0027 assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "Uninitialized memory reflection in mod_auth_digest", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:11:42", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "RHSA-2017:3113", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT208221" }, { "name": "RHSA-2017:2479", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "name": "RHSA-2017:2483", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170911-0002/" }, { "name": "RHSA-2017:3240", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "name": "RHSA-2017:2709", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "name": "RHSA-2017:3195", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "name": "[announce] 20170713 CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E" }, { "name": "99569", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99569" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3239", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "name": "RHSA-2017:3114", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "RHSA-2017:3194", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "name": "1038906", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038906" }, { "name": "RHSA-2017:3193", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "name": "RHSA-2017:2710", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "name": "DSA-3913", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3913" }, { "name": "RHSA-2017:2708", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "name": "GLSA-201710-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-32" }, { "name": "RHSA-2017:2478", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2019-09" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-9788", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_value": "2.2.0 to 2.2.33" }, { "version_value": "2.4.1 to 2.4.26" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \u0027Digest\u0027 was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no \u0027=\u0027 assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Uninitialized memory reflection in mod_auth_digest" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3113", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "name": "https://support.apple.com/HT208221", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208221" }, { "name": "RHSA-2017:2479", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "name": "RHSA-2017:2483", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us" }, { "name": "https://httpd.apache.org/security/vulnerabilities_22.html", "refsource": "CONFIRM", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "https://security.netapp.com/advisory/ntap-20170911-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170911-0002/" }, { "name": "RHSA-2017:3240", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "name": "RHSA-2017:2709", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "name": "RHSA-2017:3195", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "name": "[announce] 20170713 CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3Cannounce.httpd.apache.org%3E" }, { "name": "99569", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99569" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3239", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "name": "RHSA-2017:3114", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "CONFIRM", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "RHSA-2017:3194", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "name": "1038906", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038906" }, { "name": "RHSA-2017:3193", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "name": "RHSA-2017:2710", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "name": "DSA-3913", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3913" }, { "name": "RHSA-2017:2708", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "name": "GLSA-201710-32", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-32" }, { "name": "RHSA-2017:2478", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "https://www.tenable.com/security/tns-2019-09", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-09" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-9788", "datePublished": "2017-07-13T16:00:00Z", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-09-16T17:53:37.547Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-9788\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2017-07-13T16:29:00.227\",\"lastModified\":\"2023-11-07T02:50:52.257\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \u0027Digest\u0027 was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no \u0027=\u0027 assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.\"},{\"lang\":\"es\",\"value\":\"En Apache httpd, en versiones anteriores a la 2.2.34 y en versiones 2.4.x anteriores a la 2.4.27, el valor placeholder en cabeceras [Proxy-]Authorization del tipo \u0027Digest\u0027 no se inicializ\u00f3 o reinici\u00f3 antes de o entre las asignaciones sucesivas key=value por mod_auth_digest. Proporcionar una clave inicial sin asignaci\u00f3n \\\"=\\\" podr\u00eda reflejar el valor obsoleto de la memoria agrupada no inicializada utilizada por la petici\u00f3n anterior. Esto podr\u00eda dar lugar al filtrado de informaci\u00f3n potencialmente confidencial y, en otros casos, a un fallo de segmentaci\u00f3n que dar\u00eda como resultado una denegaci\u00f3n de servicio (DoS)\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.4},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.2.33\",\"matchCriteriaId\":\"BF02A472-9FEE-4796-B9B6-DEF9FB20AFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndIncluding\":\"2.4.26\",\"matchCriteriaId\":\"B4F38A30-B7C6-4F9E-BFE0-B8481B0EAD26\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.13.1\",\"matchCriteriaId\":\"C43CA59D-847F-4225-A7A6-02DEB1BB4F64\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*\",\"matchCriteriaId\":\"3FA5E22C-489B-4C5F-A5F3-C03F45CA8811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B7A6697-98CC-4E36-93DB-B7160F8399F9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C8D871B-AEA1-4407-AEE3-47EC782250FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98381E61-F082-4302-B51F-5648884F998B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C81647C-9A53-481D-A54C-36770A093F90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44B067C7-735E-43C9-9188-7E1522A02491\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8442C20-41F9-47FD-9A12-E724D3A31FD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6755B6AD-0422-467B-8115-34A60B1D1A40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5F7E11E-FB34-4467-8919-2B6BEAABF665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2466282-51AB-478D-9FF4-FA524265ED2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1ABA871-3271-48E2-A69C-5AD70AF94E53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"681173DF-537E-4A64-8FC7-75F439CCAD0D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:secure_global_desktop:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B4B4E96-1F12-4719-BDB7-4ED5D3DCF9ED\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3913\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99569\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038906\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2478\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2479\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2483\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2708\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2709\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2710\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3113\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3114\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3193\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3194\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3195\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3239\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3240\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_22.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.gentoo.org/glsa/201710-32\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20170911-0002/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/HT208221\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-09\",\"source\":\"security@apache.org\"}]}}" } }
rhsa-2017_2708
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Core Services.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:2708", "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.23", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.23" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/", "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/" }, { "category": "external", "summary": "1243888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243888" }, { "category": "external", "summary": "1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "JBCS-329", "url": "https://issues.redhat.com/browse/JBCS-329" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2708.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services security update", "tracking": { "current_release_date": "2024-11-05T20:12:14+00:00", "generator": { "date": "2024-11-05T20:12:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:2708", "initial_release_date": "2017-09-13T16:37:52+00:00", "revision_history": [ { "date": "2017-09-13T16:37:52+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-09-13T16:37:52+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:12:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services 1", "product": { "name": "Red Hat JBoss Core Services 1", "product_id": "Red Hat JBoss Core Services 1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-3185", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2015-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1243888" } ], "notes": [ { "category": "description", "text": "It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-3185" }, { "category": "external", "summary": "RHBZ#1243888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243888" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3185", "url": "https://www.cve.org/CVERecord?id=CVE-2015-3185" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3185", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3185" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16", "url": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16" } ], "release_date": "2015-07-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-13T16:37:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2708" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4" }, { "acknowledgments": [ { "names": [ "OpenVPN" ] }, { "names": [ "Karthikeyan Bhargavan", "Ga\u00ebtan Leurent" ], "organization": "Inria", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2016-2183", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2016-08-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1369383" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-2183" }, { "category": "external", "summary": "RHBZ#1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183" }, { "category": "external", "summary": "https://access.redhat.com/articles/2548661", "url": "https://access.redhat.com/articles/2548661" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2016:1940", "url": "https://access.redhat.com/errata/RHSA-2016:1940" }, { "category": "external", "summary": "https://sweet32.info/", "url": "https://sweet32.info/" } ], "release_date": "2016-08-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-13T16:37:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "category": "workaround", "details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-13T16:37:52+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" } ] }
rhsa-2017_2709
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for JBoss Core Services on Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:2709", "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/", "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/" }, { "category": "external", "summary": "1243888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243888" }, { "category": "external", "summary": "1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "JBCS-329", "url": "https://issues.redhat.com/browse/JBCS-329" }, { "category": "external", "summary": "JBCS-336", "url": "https://issues.redhat.com/browse/JBCS-336" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2709.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services security update", "tracking": { "current_release_date": "2024-11-05T20:11:43+00:00", "generator": { "date": "2024-11-05T20:11:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:2709", "initial_release_date": "2017-09-13T16:48:46+00:00", "revision_history": [ { "date": "2017-09-13T16:48:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-09-13T16:48:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:11:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product": { "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.23-122.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-libs@2.4.23-122.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.23-122.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.23-122.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.23-122.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.23-122.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.23-122.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.23-122.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-122.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.23-122.jbcs.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "product_id": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-122.jbcs.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.23-122.jbcs.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-3185", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2015-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1243888" } ], "notes": [ { "category": "description", "text": "It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-3185" }, { "category": "external", "summary": "RHBZ#1243888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243888" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3185", "url": "https://www.cve.org/CVERecord?id=CVE-2015-3185" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3185", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3185" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16", "url": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16" } ], "release_date": "2015-07-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-13T16:48:46+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2709" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4" }, { "acknowledgments": [ { "names": [ "OpenVPN" ] }, { "names": [ "Karthikeyan Bhargavan", "Ga\u00ebtan Leurent" ], "organization": "Inria", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2016-2183", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2016-08-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1369383" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-2183" }, { "category": "external", "summary": "RHBZ#1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183" }, { "category": "external", "summary": "https://access.redhat.com/articles/2548661", "url": "https://access.redhat.com/articles/2548661" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2016:1940", "url": "https://access.redhat.com/errata/RHSA-2016:1940" }, { "category": "external", "summary": "https://sweet32.info/", "url": "https://sweet32.info/" } ], "release_date": "2016-08-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-13T16:48:46+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "category": "workaround", "details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-13T16:48:46+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" } ] }
rhsa-2017_3113
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References.\n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nUsers of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:3113", "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/articles/3227901", "url": "https://access.redhat.com/articles/3227901" }, { "category": "external", "summary": "1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "external", "summary": "1493075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493075" }, { "category": "external", "summary": "1493220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220" }, { "category": "external", "summary": "1494283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3113.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Web Server security and bug fix update", "tracking": { "current_release_date": "2024-11-05T20:15:10+00:00", "generator": { "date": "2024-11-05T20:15:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:3113", "initial_release_date": "2017-11-02T19:15:44+00:00", "revision_history": [ { "date": "2017-11-02T19:15:44+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-11-02T19:15:44+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:15:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.26-57.ep6.el6.x86_64", "product": { "name": "httpd-0:2.2.26-57.ep6.el6.x86_64", "product_id": "httpd-0:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "product": { "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "product_id": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-57.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "product": { "name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "product_id": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.2.26-57.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "product": { "name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "product_id": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.26-57.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "product": { "name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "product_id": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.26-57.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "product": { "name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "product_id": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.26-57.ep6.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "product": { "name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "product_id": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.26-57.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "product": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "product": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "product": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "product": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "product": { "name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "product_id": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl22@2.2.26-58.ep6.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "product": { "name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "product_id": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-manual@2.2.26-58.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "product": { "name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "product_id": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap22@2.2.26-58.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-0:2.2.26-58.ep6.el7.x86_64", "product": { "name": "httpd22-0:2.2.26-58.ep6.el7.x86_64", "product_id": "httpd22-0:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22@2.2.26-58.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "product": { "name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "product_id": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.26-58.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "product": { "name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "product_id": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-tools@2.2.26-58.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "product": { "name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "product_id": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-devel@2.2.26-58.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.26-57.ep6.el6.i386", "product": { "name": "httpd-0:2.2.26-57.ep6.el6.i386", "product_id": "httpd-0:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "product": { "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "product_id": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-57.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "mod_ldap-0:2.2.26-57.ep6.el6.i386", "product": { "name": "mod_ldap-0:2.2.26-57.ep6.el6.i386", "product_id": "mod_ldap-0:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.2.26-57.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.26-57.ep6.el6.i386", "product": { "name": "httpd-tools-0:2.2.26-57.ep6.el6.i386", "product_id": "httpd-tools-0:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.26-57.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.26-57.ep6.el6.i386", "product": { "name": "httpd-devel-0:2.2.26-57.ep6.el6.i386", "product_id": "httpd-devel-0:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.26-57.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.26-57.ep6.el6.i386", "product": { "name": "mod_ssl-1:2.2.26-57.ep6.el6.i386", "product_id": "mod_ssl-1:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.26-57.ep6.el6?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.26-57.ep6.el6.i386", "product": { "name": "httpd-manual-0:2.2.26-57.ep6.el6.i386", "product_id": "httpd-manual-0:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.26-57.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "product": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "product": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.26-57.ep6.el6.src", "product": { "name": "httpd-0:2.2.26-57.ep6.el6.src", "product_id": "httpd-0:2.2.26-57.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "product": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "product": { "name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "product_id": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6@6.0.41-19_patch_04.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "product": { "name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "product_id": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7@7.0.54-28_patch_05.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "product": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "httpd22-0:2.2.26-58.ep6.el7.src", "product": { "name": "httpd22-0:2.2.26-58.ep6.el7.src", "product_id": "httpd22-0:2.2.26-58.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22@2.2.26-58.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "product": { "name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "product_id": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6@6.0.41-19_patch_04.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "product": { "name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "product_id": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7@7.0.54-28_patch_05.ep6.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "product": { "name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_id": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-maven-devel@6.0.41-19_patch_04.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "product": { "name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_id": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-el-2.1-api@6.0.41-19_patch_04.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "product": { "name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_id": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6@6.0.41-19_patch_04.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "product": { "name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_id": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.41-19_patch_04.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "product": { "name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_id": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.41-19_patch_04.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "product": { "name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_id": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.41-19_patch_04.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "product": { "name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_id": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.41-19_patch_04.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "product": { "name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_id": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.41-19_patch_04.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "product": { "name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_id": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.41-19_patch_04.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "product": { "name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_id": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.41-19_patch_04.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "product": { "name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_id": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-lib@6.0.41-19_patch_04.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "product": { "name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_id": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-28_patch_05.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "product": { "name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_id": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-28_patch_05.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "product": { "name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_id": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-28_patch_05.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "product": { "name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_id": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-28_patch_05.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "product": { "name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_id": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-28_patch_05.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "product": { "name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_id": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7@7.0.54-28_patch_05.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "product": { "name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_id": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-28_patch_05.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "product": { "name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_id": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-28_patch_05.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "product": { "name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_id": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-28_patch_05.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "product": { "name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_id": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-28_patch_05.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "product": { "name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_id": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-28_patch_05.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "product": { "name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_id": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-maven-devel@6.0.41-19_patch_04.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "product": { "name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_id": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.41-19_patch_04.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "product": { "name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_id": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.41-19_patch_04.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "product": { "name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_id": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6@6.0.41-19_patch_04.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "product": { "name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_id": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.41-19_patch_04.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "product": { "name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_id": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-el-2.1-api@6.0.41-19_patch_04.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "product": { "name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_id": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.41-19_patch_04.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "product": { "name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_id": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.41-19_patch_04.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "product": { "name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_id": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.41-19_patch_04.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "product": { "name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_id": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-lib@6.0.41-19_patch_04.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "product": { "name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_id": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.41-19_patch_04.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "product": { "name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_id": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-28_patch_05.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "product": { "name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_id": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-28_patch_05.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "product": { "name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_id": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-28_patch_05.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "product": { "name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_id": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-28_patch_05.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "product": { "name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_id": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7@7.0.54-28_patch_05.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "product": { "name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_id": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-28_patch_05.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "product": { "name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_id": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-28_patch_05.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "product": { "name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_id": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-28_patch_05.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "product": { "name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_id": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-28_patch_05.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "product": { "name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_id": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-28_patch_05.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "product": { "name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_id": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-28_patch_05.ep6.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386" }, "product_reference": "httpd-0:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-57.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src" }, "product_reference": "httpd-0:2.2.26-57.ep6.el6.src", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "httpd-0:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386" }, "product_reference": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386" }, "product_reference": "httpd-devel-0:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386" }, "product_reference": "httpd-manual-0:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386" }, "product_reference": "httpd-tools-0:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386" }, "product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src" }, "product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64" }, "product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386" }, "product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64" }, "product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386" }, "product_reference": "mod_ldap-0:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386" }, "product_reference": "mod_ssl-1:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch" }, "product_reference": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src" }, "product_reference": "tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch" }, "product_reference": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch" }, "product_reference": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch" }, "product_reference": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch" }, "product_reference": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch" }, "product_reference": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch" }, "product_reference": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch" }, "product_reference": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch" }, "product_reference": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch" }, "product_reference": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch" }, "product_reference": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch" }, "product_reference": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src" }, "product_reference": "tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch" }, "product_reference": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch" }, "product_reference": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch" }, "product_reference": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch" }, "product_reference": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch" }, "product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch" }, "product_reference": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch" }, "product_reference": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch" }, "product_reference": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch" }, "product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch" }, "product_reference": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.26-58.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src" }, "product_reference": "httpd22-0:2.2.26-58.ep6.el7.src", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "httpd22-0:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src" }, "product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64" }, "product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64" }, "product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch" }, "product_reference": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src" }, "product_reference": "tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch" }, "product_reference": "tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch" }, "product_reference": "tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch" }, "product_reference": "tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch" }, "product_reference": "tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch" }, "product_reference": "tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch" }, "product_reference": "tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch" }, "product_reference": "tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch" }, "product_reference": "tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch" }, "product_reference": "tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch" }, "product_reference": "tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch" }, "product_reference": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src" }, "product_reference": "tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" }, "product_reference": "tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch" }, "product_reference": "tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch" }, "product_reference": "tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch" }, "product_reference": "tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch" }, "product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch" }, "product_reference": "tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch" }, "product_reference": "tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch" }, "product_reference": "tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch" }, "product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" }, "product_reference": "tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEWS-2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "OpenVPN" ] }, { "names": [ "Karthikeyan Bhargavan", "Ga\u00ebtan Leurent" ], "organization": "Inria", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2016-2183", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2016-08-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1369383" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-2183" }, { "category": "external", "summary": "RHBZ#1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183" }, { "category": "external", "summary": "https://access.redhat.com/articles/2548661", "url": "https://access.redhat.com/articles/2548661" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2016:1940", "url": "https://access.redhat.com/errata/RHSA-2016:1940" }, { "category": "external", "summary": "https://sweet32.info/", "url": "https://sweet32.info/" } ], "release_date": "2016-08-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-02T19:15:44+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "category": "workaround", "details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961", "product_ids": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-02T19:15:44+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" }, { "acknowledgments": [ { "names": [ "Hanno B\u00f6ck" ] } ], "cve": "CVE-2017-9798", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-09-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1490344" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9798" }, { "category": "external", "summary": "RHBZ#1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798" }, { "category": "external", "summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html", "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" } ], "release_date": "2017-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-02T19:15:44+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "category": "workaround", "details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18", "product_ids": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)" }, { "cve": "CVE-2017-12615", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1493220" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Remote Code Execution via JSP Upload", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12615" }, { "category": "external", "summary": "RHBZ#1493220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12615", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12615" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2017-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-02T19:15:44+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "category": "workaround", "details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.", "product_ids": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "tomcat: Remote Code Execution via JSP Upload" }, { "cve": "CVE-2017-12617", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1494283" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Remote Code Execution bypass for CVE-2017-12615", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12617" }, { "category": "external", "summary": "RHBZ#1494283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12617", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12617" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html", "url": "https://tomcat.apache.org/security-7.html" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html", "url": "https://tomcat.apache.org/security-8.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2017-09-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-02T19:15:44+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "category": "workaround", "details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.", "product_ids": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el6.src", "6Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el6.src", "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el6.noarch", "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el6.noarch", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEWS-2:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-0:6.0.41-19_patch_04.ep6.el7.src", "7Server-JBEWS-2:tomcat6-admin-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-docs-webapp-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-el-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-javadoc-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-jsp-2.1-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-lib-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-log4j-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-maven-devel-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-servlet-2.5-api-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat6-webapps-0:6.0.41-19_patch_04.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-0:7.0.54-28_patch_05.ep6.el7.src", "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-28_patch_05.ep6.el7.noarch", "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-28_patch_05.ep6.el7.noarch" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "tomcat: Remote Code Execution bypass for CVE-2017-12615" } ] }
rhsa-2017_3114
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2. The updates are documented in the Release Notes document linked to in the References.\n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nUsers of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)\n\n* The jboss-ews-application-servers zip README contains incomplete description of fixed CVEs (BZ#1497953)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:3114", "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=2.1.2", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=2.1.2" }, { "category": "external", "summary": "https://access.redhat.com/articles/3227901", "url": "https://access.redhat.com/articles/3227901" }, { "category": "external", "summary": "1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "external", "summary": "1493075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493075" }, { "category": "external", "summary": "1493220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220" }, { "category": "external", "summary": "1494283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283" }, { "category": "external", "summary": "1497953", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1497953" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3114.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Web Server security and bug fix update", "tracking": { "current_release_date": "2024-11-05T20:15:17+00:00", "generator": { "date": "2024-11-05T20:15:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:3114", "initial_release_date": "2017-11-02T19:04:48+00:00", "revision_history": [ { "date": "2017-11-02T19:04:48+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-11-02T19:04:48+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:15:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 2.1", "product": { "name": "Red Hat JBoss Web Server 2.1", "product_id": "Red Hat JBoss Web Server 2.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.1" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "OpenVPN" ] }, { "names": [ "Karthikeyan Bhargavan", "Ga\u00ebtan Leurent" ], "organization": "Inria", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2016-2183", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2016-08-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1369383" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 2.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-2183" }, { "category": "external", "summary": "RHBZ#1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183" }, { "category": "external", "summary": "https://access.redhat.com/articles/2548661", "url": "https://access.redhat.com/articles/2548661" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2016:1940", "url": "https://access.redhat.com/errata/RHSA-2016:1940" }, { "category": "external", "summary": "https://sweet32.info/", "url": "https://sweet32.info/" } ], "release_date": "2016-08-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-02T19:04:48+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Web Server 2.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "category": "workaround", "details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961", "product_ids": [ "Red Hat JBoss Web Server 2.1" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 2.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 2.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-02T19:04:48+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Web Server 2.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "Red Hat JBoss Web Server 2.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 2.1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" }, { "acknowledgments": [ { "names": [ "Hanno B\u00f6ck" ] } ], "cve": "CVE-2017-9798", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-09-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1490344" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 2.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9798" }, { "category": "external", "summary": "RHBZ#1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798" }, { "category": "external", "summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html", "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" } ], "release_date": "2017-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-02T19:04:48+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Web Server 2.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "category": "workaround", "details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18", "product_ids": [ "Red Hat JBoss Web Server 2.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 2.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)" }, { "cve": "CVE-2017-12615", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1493220" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Remote Code Execution via JSP Upload", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 2.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12615" }, { "category": "external", "summary": "RHBZ#1493220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12615", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12615" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2017-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-02T19:04:48+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Web Server 2.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "category": "workaround", "details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.", "product_ids": [ "Red Hat JBoss Web Server 2.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 2.1" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "tomcat: Remote Code Execution via JSP Upload" }, { "cve": "CVE-2017-12617", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1494283" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Remote Code Execution bypass for CVE-2017-12615", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 2.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12617" }, { "category": "external", "summary": "RHBZ#1494283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12617", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12617" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html", "url": "https://tomcat.apache.org/security-7.html" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html", "url": "https://tomcat.apache.org/security-8.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2017-09-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-02T19:04:48+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Web Server 2.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "category": "workaround", "details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.", "product_ids": [ "Red Hat JBoss Web Server 2.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 2.1" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "tomcat: Remote Code Execution bypass for CVE-2017-12615" } ] }
rhsa-2017_3240
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 21st November 2017]\nPreviously, this erratum was marked as a replacement of the JBoss Enterprise Application Platform 6.4.16 Natives. This was incorrect; the erratum is an update, not a replacement. The erratum text has been modified to reflect this.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nThis release of JBoss Enterprise Application Platform 6.4.18 Natives serves as an update to the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1508884)\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1508885)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:3240", "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/" }, { "category": "external", "summary": "https://access.redhat.com/articles/3229231", "url": "https://access.redhat.com/articles/3229231" }, { "category": "external", "summary": "1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "external", "summary": "1508880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508880" }, { "category": "external", "summary": "1508884", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508884" }, { "category": "external", "summary": "1508885", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508885" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3240.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.18 security update", "tracking": { "current_release_date": "2024-11-05T20:16:16+00:00", "generator": { "date": "2024-11-05T20:16:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:3240", "initial_release_date": "2017-11-16T19:27:22+00:00", "revision_history": [ { "date": "2017-11-16T19:27:22+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-11-21T18:17:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:16:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "product": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "product": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.2.26-57.ep6.el6.x86_64", "product": { "name": "httpd-0:2.2.26-57.ep6.el6.x86_64", "product_id": "httpd-0:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "product": { "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "product_id": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-57.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "product": { "name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "product_id": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.2.26-57.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "product": { "name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "product_id": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.26-57.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "product": { "name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "product_id": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.26-57.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "product": { "name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "product_id": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.26-57.ep6.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "product": { "name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "product_id": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.26-57.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "product": { "name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "product_id": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl22@2.2.26-58.ep6.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "product": { "name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "product_id": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-manual@2.2.26-58.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "product": { "name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "product_id": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap22@2.2.26-58.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-0:2.2.26-58.ep6.el7.x86_64", "product": { "name": "httpd22-0:2.2.26-58.ep6.el7.x86_64", "product_id": "httpd22-0:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22@2.2.26-58.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "product": { "name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "product_id": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.26-58.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "product": { "name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "product_id": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-tools@2.2.26-58.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "product": { "name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "product_id": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-devel@2.2.26-58.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "product": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "product": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "product": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el6?arch=ppc64" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "product": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-0:2.2.26-57.ep6.el6.ppc64", "product": { "name": "httpd-0:2.2.26-57.ep6.el6.ppc64", "product_id": "httpd-0:2.2.26-57.ep6.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "product": { "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "product_id": "httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-57.ep6.el6?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "product": { "name": "mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "product_id": "mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.2.26-57.ep6.el6?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "product": { "name": "httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "product_id": "httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.26-57.ep6.el6?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "product": { "name": "httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "product_id": "httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.26-57.ep6.el6?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "product": { "name": "mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "product_id": "mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.26-57.ep6.el6?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "product": { "name": "httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "product_id": "httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.26-57.ep6.el6?arch=ppc64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el7?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el7?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el7?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el7?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el7?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "product": { "name": "mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "product_id": "mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl22@2.2.26-58.ep6.el7?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "product": { "name": "httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "product_id": "httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-manual@2.2.26-58.ep6.el7?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "product": { "name": "mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "product_id": "mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap22@2.2.26-58.ep6.el7?arch=ppc64" } } }, { "category": "product_version", "name": "httpd22-0:2.2.26-58.ep6.el7.ppc64", "product": { "name": "httpd22-0:2.2.26-58.ep6.el7.ppc64", "product_id": "httpd22-0:2.2.26-58.ep6.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22@2.2.26-58.ep6.el7?arch=ppc64" } } }, { "category": "product_version", "name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "product": { "name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "product_id": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.26-58.ep6.el7?arch=ppc64" } } }, { "category": "product_version", "name": "httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "product": { "name": "httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "product_id": "httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-tools@2.2.26-58.ep6.el7?arch=ppc64" } } }, { "category": "product_version", "name": "httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "product": { "name": "httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "product_id": "httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-devel@2.2.26-58.ep6.el7?arch=ppc64" } } }, { "category": "product_version", "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "product": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el7?arch=ppc64" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "product": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el7?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "product": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "httpd-0:2.2.26-57.ep6.el6.src", "product": { "name": "httpd-0:2.2.26-57.ep6.el6.src", "product_id": "httpd-0:2.2.26-57.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd22-0:2.2.26-58.ep6.el7.src", "product": { "name": "httpd22-0:2.2.26-58.ep6.el7.src", "product_id": "httpd22-0:2.2.26-58.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22@2.2.26-58.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "product": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "product": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "product_id": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.13-9.Final_redhat_2.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "product": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "product_id": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.13-9.Final_redhat_2.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-0:2.2.26-57.ep6.el6.i386", "product": { "name": "httpd-0:2.2.26-57.ep6.el6.i386", "product_id": "httpd-0:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-57.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "product": { "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "product_id": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-57.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "mod_ldap-0:2.2.26-57.ep6.el6.i386", "product": { "name": "mod_ldap-0:2.2.26-57.ep6.el6.i386", "product_id": "mod_ldap-0:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.2.26-57.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.26-57.ep6.el6.i386", "product": { "name": "httpd-tools-0:2.2.26-57.ep6.el6.i386", "product_id": "httpd-tools-0:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.26-57.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.26-57.ep6.el6.i386", "product": { "name": "httpd-devel-0:2.2.26-57.ep6.el6.i386", "product_id": "httpd-devel-0:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.26-57.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.26-57.ep6.el6.i386", "product": { "name": "mod_ssl-1:2.2.26-57.ep6.el6.i386", "product_id": "mod_ssl-1:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.26-57.ep6.el6?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.26-57.ep6.el6.i386", "product": { "name": "httpd-manual-0:2.2.26-57.ep6.el6.i386", "product_id": "httpd-manual-0:2.2.26-57.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.26-57.ep6.el6?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386" }, "product_reference": "httpd-0:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64" }, "product_reference": "httpd-0:2.2.26-57.ep6.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-57.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src" }, "product_reference": "httpd-0:2.2.26-57.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "httpd-0:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386" }, "product_reference": "httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386" }, "product_reference": "httpd-devel-0:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64" }, "product_reference": "httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386" }, "product_reference": "httpd-manual-0:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64" }, "product_reference": "httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386" }, "product_reference": "httpd-tools-0:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64" }, "product_reference": "httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386" }, "product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64" }, "product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src" }, "product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64" }, "product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386" }, "product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64" }, "product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64" }, "product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386" }, "product_reference": "mod_ldap-0:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64" }, "product_reference": "mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.26-57.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386" }, "product_reference": "mod_ssl-1:2.2.26-57.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.26-57.ep6.el6.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64" }, "product_reference": "mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64" }, "product_reference": "mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64" }, "product_reference": "httpd22-0:2.2.26-58.ep6.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.26-58.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src" }, "product_reference": "httpd22-0:2.2.26-58.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "httpd22-0:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64" }, "product_reference": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-devel-0:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64" }, "product_reference": "httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-manual-0:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64" }, "product_reference": "httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-tools-0:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64" }, "product_reference": "httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64" }, "product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src" }, "product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64" }, "product_reference": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64" }, "product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64" }, "product_reference": "mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap22-0:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64" }, "product_reference": "mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl22-1:2.2.26-58.ep6.el7.ppc64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64" }, "product_reference": "mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" }, "product_reference": "mod_ssl22-1:2.2.26-58.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEAP-6.4" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "OpenVPN" ] }, { "names": [ "Karthikeyan Bhargavan", "Ga\u00ebtan Leurent" ], "organization": "Inria", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2016-2183", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2016-08-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1369383" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-2183" }, { "category": "external", "summary": "RHBZ#1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183" }, { "category": "external", "summary": "https://access.redhat.com/articles/2548661", "url": "https://access.redhat.com/articles/2548661" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2016:1940", "url": "https://access.redhat.com/errata/RHSA-2016:1940" }, { "category": "external", "summary": "https://sweet32.info/", "url": "https://sweet32.info/" } ], "release_date": "2016-08-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-16T19:27:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. The JBoss server process must be restarted for the update to take effect.", "product_ids": [ "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "category": "workaround", "details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961", "product_ids": [ "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-16T19:27:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. The JBoss server process must be restarted for the update to take effect.", "product_ids": [ "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" }, { "acknowledgments": [ { "names": [ "Hanno B\u00f6ck" ] } ], "cve": "CVE-2017-9798", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-09-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1490344" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9798" }, { "category": "external", "summary": "RHBZ#1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798" }, { "category": "external", "summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html", "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" } ], "release_date": "2017-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-16T19:27:22+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. The JBoss server process must be restarted for the update to take effect.", "product_ids": [ "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "category": "workaround", "details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18", "product_ids": [ "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.src", "6Server-JBEAP-6.4:httpd-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-debuginfo-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-devel-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-manual-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:httpd-tools-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.ppc64", "6Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.src", "6Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.i386", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ldap-0:2.2.26-57.ep6.el6.x86_64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.i386", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.ppc64", "6Server-JBEAP-6.4:mod_ssl-1:2.2.26-57.ep6.el6.x86_64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.src", "7Server-JBEAP-6.4:httpd22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-debuginfo-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-devel-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-manual-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:httpd22-tools-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.src", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.ppc64", "7Server-JBEAP-6.4:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.src", "7Server-JBEAP-6.4:mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_cluster-native-debuginfo-0:1.2.13-9.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ldap22-0:2.2.26-58.ep6.el7.x86_64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.ppc64", "7Server-JBEAP-6.4:mod_ssl22-1:2.2.26-58.ep6.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)" } ] }
rhsa-2017_3193
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:3193", "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "1463205", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205" }, { "category": "external", "summary": "1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3193.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-05T20:15:16+00:00", "generator": { "date": "2024-11-05T20:15:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:3193", "initial_release_date": "2017-11-13T17:35:40+00:00", "revision_history": [ { "date": "2017-11-13T17:35:40+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-11-13T17:35:40+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:15:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:7.2::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server EUS (v. 7.2)", "product": { "name": "Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:7.2::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product": { "name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:7.2::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "product": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "product_id": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7_2.6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-40.el7_2.6.x86_64", "product": { "name": "mod_session-0:2.4.6-40.el7_2.6.x86_64", "product_id": "mod_session-0:2.4.6-40.el7_2.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7_2.6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "product": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "product_id": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7_2.6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "product": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "product_id": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7_2.6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "product": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "product_id": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7_2.6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "product": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "product_id": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7_2.6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "product": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "product_id": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7_2.6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-40.el7_2.6.x86_64", "product": { "name": "httpd-0:2.4.6-40.el7_2.6.x86_64", "product_id": "httpd-0:2.4.6-40.el7_2.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7_2.6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "product": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "product_id": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7_2.6?arch=s390x" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-40.el7_2.6.s390x", "product": { "name": "mod_session-0:2.4.6-40.el7_2.6.s390x", "product_id": "mod_session-0:2.4.6-40.el7_2.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7_2.6?arch=s390x" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "product": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "product_id": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7_2.6?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-40.el7_2.6.s390x", "product": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.s390x", "product_id": "mod_ldap-0:2.4.6-40.el7_2.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7_2.6?arch=s390x" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-40.el7_2.6.s390x", "product": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.s390x", "product_id": "httpd-tools-0:2.4.6-40.el7_2.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7_2.6?arch=s390x" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-40.el7_2.6.s390x", "product": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.s390x", "product_id": "mod_ssl-1:2.4.6-40.el7_2.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7_2.6?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-40.el7_2.6.s390x", "product": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.s390x", "product_id": "httpd-devel-0:2.4.6-40.el7_2.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7_2.6?arch=s390x" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-40.el7_2.6.s390x", "product": { "name": "httpd-0:2.4.6-40.el7_2.6.s390x", "product_id": "httpd-0:2.4.6-40.el7_2.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7_2.6?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "product": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "product_id": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7_2.6?arch=ppc64" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-40.el7_2.6.ppc64", "product": { "name": "mod_session-0:2.4.6-40.el7_2.6.ppc64", "product_id": "mod_session-0:2.4.6-40.el7_2.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7_2.6?arch=ppc64" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "product": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "product_id": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7_2.6?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "product": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "product_id": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7_2.6?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "product": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "product_id": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7_2.6?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "product": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "product_id": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7_2.6?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "product": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "product_id": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7_2.6?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-40.el7_2.6.ppc64", "product": { "name": "httpd-0:2.4.6-40.el7_2.6.ppc64", "product_id": "httpd-0:2.4.6-40.el7_2.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7_2.6?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "product": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "product_id": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-40.el7_2.6?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-40.el7_2.6.ppc64le", "product": { "name": "mod_session-0:2.4.6-40.el7_2.6.ppc64le", "product_id": "mod_session-0:2.4.6-40.el7_2.6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-40.el7_2.6?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "product": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "product_id": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-40.el7_2.6?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "product": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "product_id": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-40.el7_2.6?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "product": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "product_id": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-40.el7_2.6?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "product": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "product_id": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-40.el7_2.6?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "product": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "product_id": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-40.el7_2.6?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-40.el7_2.6.ppc64le", "product": { "name": "httpd-0:2.4.6-40.el7_2.6.ppc64le", "product_id": "httpd-0:2.4.6-40.el7_2.6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7_2.6?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.4.6-40.el7_2.6.src", "product": { "name": "httpd-0:2.4.6-40.el7_2.6.src", "product_id": "httpd-0:2.4.6-40.el7_2.6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-40.el7_2.6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.4.6-40.el7_2.6.noarch", "product": { "name": "httpd-manual-0:2.4.6-40.el7_2.6.noarch", "product_id": "httpd-manual-0:2.4.6-40.el7_2.6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.4.6-40.el7_2.6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.src as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.src", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-40.el7_2.6.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch" }, "product_reference": "httpd-manual-0:2.4.6-40.el7_2.6.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "mod_session-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "mod_session-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "mod_session-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "mod_session-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x" }, "product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.2)", "product_id": "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.src", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-40.el7_2.6.noarch as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch" }, "product_reference": "httpd-manual-0:2.4.6-40.el7_2.6.noarch", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "mod_session-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "mod_session-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "mod_session-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "mod_session-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x" }, "product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.2)", "product_id": "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.src as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.src", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "httpd-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-40.el7_2.6.noarch as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch" }, "product_reference": "httpd-manual-0:2.4.6-40.el7_2.6.noarch", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "mod_session-0:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "mod_session-0:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x" }, "product_reference": "mod_session-0:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "mod_session-0:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x" }, "product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.s390x", "relates_to_product_reference": "7Server-optional-7.2.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.2)", "product_id": "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "relates_to_product_reference": "7Server-optional-7.2.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-3167", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463194" } ], "notes": [ { "category": "description", "text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_get_basic_auth_pw() authentication bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3167" }, { "category": "external", "summary": "RHBZ#1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3193" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_get_basic_auth_pw() authentication bypass" }, { "cve": "CVE-2017-3169", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463197" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_ssl NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3169" }, { "category": "external", "summary": "RHBZ#1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3193" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_ssl NULL pointer dereference" }, { "cve": "CVE-2017-7668", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463205" } ], "notes": [ { "category": "description", "text": "A buffer over-read flaw was found in the httpd\u0027s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_find_token() buffer overread", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7668" }, { "category": "external", "summary": "RHBZ#1463205", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7668", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7668" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3193" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_find_token() buffer overread" }, { "cve": "CVE-2017-7679", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463207" } ], "notes": [ { "category": "description", "text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_mime buffer overread", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7679" }, { "category": "external", "summary": "RHBZ#1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7679" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3193" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_mime buffer overread" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" }, { "acknowledgments": [ { "names": [ "Hanno B\u00f6ck" ] } ], "cve": "CVE-2017-9798", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-09-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1490344" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9798" }, { "category": "external", "summary": "RHBZ#1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798" }, { "category": "external", "summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html", "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" } ], "release_date": "2017-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:40+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "category": "workaround", "details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18", "product_ids": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7ComputeNode-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7ComputeNode-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.src", "7Server-optional-7.2.EUS:httpd-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-debuginfo-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-devel-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:httpd-manual-0:2.4.6-40.el7_2.6.noarch", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:httpd-tools-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ldap-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_proxy_html-1:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_session-0:2.4.6-40.el7_2.6.x86_64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.ppc64le", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.s390x", "7Server-optional-7.2.EUS:mod_ssl-1:2.4.6-40.el7_2.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)" } ] }
rhsa-2017_2483
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for httpd24-httpd is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A NULL pointer dereference flaw was found in the mod_http2 module of httpd. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP/2 request. (CVE-2017-7659)\n\n* A buffer over-read flaw was found in the httpd\u0027s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:2483", "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "1463199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463199" }, { "category": "external", "summary": "1463205", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205" }, { "category": "external", "summary": "1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2483.json" } ], "title": "Red Hat Security Advisory: httpd24-httpd security update", "tracking": { "current_release_date": "2024-11-05T20:09:22+00:00", "generator": { "date": "2024-11-05T20:09:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:2483", "initial_release_date": "2017-08-16T23:04:17+00:00", "revision_history": [ { "date": "2017-08-16T23:04:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-08-16T23:04:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:09:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "product": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "product_id": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.25-9.el7.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "product": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "product_id": "httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.25-9.el7.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "product": { "name": "httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "product_id": "httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.25-9.el7.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "product": { "name": "httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "product_id": "httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.25-9.el7.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "product": { "name": "httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "product_id": "httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.25-9.el7.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "product": { "name": "httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "product_id": "httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.25-9.el7.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "product": { "name": "httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "product_id": "httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.25-9.el7.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "product": { "name": "httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "product_id": "httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.25-9.el7.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "product": { "name": "httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "product_id": "httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ssl@2.4.25-9.el6.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "product": { "name": "httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "product_id": "httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_session@2.4.25-9.el6.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "product": { "name": "httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "product_id": "httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_ldap@2.4.25-9.el6.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "product": { "name": "httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "product_id": "httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.25-9.el6.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "product": { "name": "httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "product_id": "httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-devel@2.4.25-9.el6.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "product": { "name": "httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "product_id": "httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-tools@2.4.25-9.el6.1?arch=x86_64" } } }, { "category": "product_version", "name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "product": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "product_id": "httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-mod_proxy_html@2.4.25-9.el6.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "product": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "product_id": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-debuginfo@2.4.25-9.el6.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "product": { "name": "httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "product_id": "httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-manual@2.4.25-9.el7.1?arch=noarch" } } }, { "category": "product_version", "name": "httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "product": { "name": "httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "product_id": "httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd-manual@2.4.25-9.el6.1?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "httpd24-httpd-0:2.4.25-9.el7.1.src", "product": { "name": "httpd24-httpd-0:2.4.25-9.el7.1.src", "product_id": "httpd24-httpd-0:2.4.25-9.el7.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.25-9.el7.1?arch=src" } } }, { "category": "product_version", "name": "httpd24-httpd-0:2.4.25-9.el6.1.src", "product": { "name": "httpd24-httpd-0:2.4.25-9.el6.1.src", "product_id": "httpd24-httpd-0:2.4.25-9.el6.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd24-httpd@2.4.25-9.el6.1?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el6.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el6.1.src", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el6.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el6.1.src", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el6.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el6.1.src", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el7.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el7.1.src", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el7.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el7.1.src", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Server-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el7.1.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el7.1.src", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch" }, "product_reference": "httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_session-0:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" }, "product_reference": "httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-2.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-3167", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463194" } ], "notes": [ { "category": "description", "text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_get_basic_auth_pw() authentication bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3167" }, { "category": "external", "summary": "RHBZ#1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-16T23:04:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2483" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_get_basic_auth_pw() authentication bypass" }, { "cve": "CVE-2017-3169", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463197" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_ssl NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3169" }, { "category": "external", "summary": "RHBZ#1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-16T23:04:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2483" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_ssl NULL pointer dereference" }, { "cve": "CVE-2017-7659", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463199" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the mod_http2 module of httpd. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP/2 request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_http2 NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7659" }, { "category": "external", "summary": "RHBZ#1463199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463199" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7659", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7659" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7659", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7659" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-16T23:04:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2483" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_http2 NULL pointer dereference" }, { "cve": "CVE-2017-7668", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463205" } ], "notes": [ { "category": "description", "text": "A buffer over-read flaw was found in the httpd\u0027s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_find_token() buffer overread", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7668" }, { "category": "external", "summary": "RHBZ#1463205", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7668", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7668" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-16T23:04:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2483" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_find_token() buffer overread" }, { "cve": "CVE-2017-7679", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463207" } ], "notes": [ { "category": "description", "text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_mime buffer overread", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7679" }, { "category": "external", "summary": "RHBZ#1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7679" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-16T23:04:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2483" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_mime buffer overread" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-16T23:04:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4-6.7.Z:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4-6.7.Z:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.src", "6Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el6.1.noarch", "6Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el6.1.x86_64", "6Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el6.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4-7.3.Z:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4-7.3.Z:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Server-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Server-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Server-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.src", "7Workstation-RHSCL-2.4:httpd24-httpd-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-debuginfo-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-devel-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-httpd-manual-0:2.4.25-9.el7.1.noarch", "7Workstation-RHSCL-2.4:httpd24-httpd-tools-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ldap-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_proxy_html-1:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_session-0:2.4.25-9.el7.1.x86_64", "7Workstation-RHSCL-2.4:httpd24-mod_ssl-1:2.4.25-9.el7.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" } ] }
rhsa-2017_2710
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for JBoss Core Services on Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2 serves as an update for Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:2710", "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/", "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/" }, { "category": "external", "summary": "1243888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243888" }, { "category": "external", "summary": "1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "JBCS-329", "url": "https://issues.redhat.com/browse/JBCS-329" }, { "category": "external", "summary": "JBCS-337", "url": "https://issues.redhat.com/browse/JBCS-337" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2710.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services security update", "tracking": { "current_release_date": "2024-11-05T20:11:38+00:00", "generator": { "date": "2024-11-05T20:11:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:2710", "initial_release_date": "2017-09-13T16:49:04+00:00", "revision_history": [ { "date": "2017-09-13T16:49:04+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-09-13T16:49:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:11:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 6 Server", "product": { "name": "Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.23-122.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.23-122.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.23-122.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.23-122.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-libs@2.4.23-122.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.23-122.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.23-122.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.23-122.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-122.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.23-122.jbcs.el6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2h-14.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.23-122.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.23-122.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.23-122.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.23-122.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-libs@2.4.23-122.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.23-122.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.23-122.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.23-122.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-122.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.23-122.jbcs.el6?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "product": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "product_id": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2h-14.jbcs.el6?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "product_id": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-122.jbcs.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.23-122.jbcs.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-3185", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2015-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1243888" } ], "notes": [ { "category": "description", "text": "It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-3185" }, { "category": "external", "summary": "RHBZ#1243888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243888" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3185", "url": "https://www.cve.org/CVERecord?id=CVE-2015-3185" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3185", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3185" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16", "url": "http://httpd.apache.org/security/vulnerabilities_24.html#2.4.16" } ], "release_date": "2015-07-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-13T16:49:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2710" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4" }, { "acknowledgments": [ { "names": [ "OpenVPN" ] }, { "names": [ "Karthikeyan Bhargavan", "Ga\u00ebtan Leurent" ], "organization": "Inria", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2016-2183", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2016-08-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1369383" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-2183" }, { "category": "external", "summary": "RHBZ#1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183" }, { "category": "external", "summary": "https://access.redhat.com/articles/2548661", "url": "https://access.redhat.com/articles/2548661" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2016:1940", "url": "https://access.redhat.com/errata/RHSA-2016:1940" }, { "category": "external", "summary": "https://sweet32.info/", "url": "https://sweet32.info/" } ], "release_date": "2016-08-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-13T16:49:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "category": "workaround", "details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961", "product_ids": [ "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-09-13T16:49:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-libs-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.23-122.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.23-122.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2h-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2h-14.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" } ] }
rhsa-2017_3239
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 21st November 2017]\nPreviously, this erratum was marked as a replacement of the JBoss Enterprise Application Platform 6.4.16 Natives. This was incorrect; the erratum is an update, not a replacement. The erratum text has been modified to reflect this.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nThis release of JBoss Enterprise Application Platform 6.4.18 Natives serves as an update to the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1508884)\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1508885)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:3239", "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/", "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4" }, { "category": "external", "summary": "https://access.redhat.com/articles/3229231", "url": "https://access.redhat.com/articles/3229231" }, { "category": "external", "summary": "1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "external", "summary": "1508880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508880" }, { "category": "external", "summary": "1508884", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508884" }, { "category": "external", "summary": "1508885", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508885" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3239.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.18 security update", "tracking": { "current_release_date": "2024-11-05T20:16:29+00:00", "generator": { "date": "2024-11-05T20:16:29+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:3239", "initial_release_date": "2017-11-16T19:10:21+00:00", "revision_history": [ { "date": "2017-11-16T19:10:21+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-11-21T18:05:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:16:29+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4", "product_id": "Red Hat JBoss Enterprise Application Platform 6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-3560", "discovery_date": "2009-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533174" } ], "notes": [ { "category": "description", "text": "The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3560" }, { "category": "external", "summary": "RHBZ#533174", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533174" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3560", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3560" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3560", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3560" } ], "release_date": "2009-12-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-16T19:10:21+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3239" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences" }, { "cve": "CVE-2009-3720", "discovery_date": "2009-08-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "531697" } ], "notes": [ { "category": "description", "text": "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: buffer over-read and crash on XML with malformed UTF-8 sequences", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3720" }, { "category": "external", "summary": "RHBZ#531697", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531697" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3720", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3720" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3720", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3720" } ], "release_date": "2009-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-16T19:10:21+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3239" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: buffer over-read and crash on XML with malformed UTF-8 sequences" }, { "cve": "CVE-2012-0876", "cwe": { "id": "CWE-407", "name": "Inefficient Algorithmic Complexity" }, "discovery_date": "2012-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "786617" } ], "notes": [ { "category": "description", "text": "A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: hash table collisions CPU usage DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0876" }, { "category": "external", "summary": "RHBZ#786617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=786617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0876", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0876" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0876", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0876" } ], "release_date": "2012-03-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-16T19:10:21+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3239" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: hash table collisions CPU usage DoS" }, { "acknowledgments": [ { "names": [ "OpenVPN" ] }, { "names": [ "Karthikeyan Bhargavan", "Ga\u00ebtan Leurent" ], "organization": "Inria", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2016-2183", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2016-08-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1369383" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.", "title": "Vulnerability description" }, { "category": "summary", "text": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\n\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\n\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-2183" }, { "category": "external", "summary": "RHBZ#1369383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-2183", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183" }, { "category": "external", "summary": "https://access.redhat.com/articles/2548661", "url": "https://access.redhat.com/articles/2548661" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2016:1940", "url": "https://access.redhat.com/errata/RHSA-2016:1940" }, { "category": "external", "summary": "https://sweet32.info/", "url": "https://sweet32.info/" } ], "release_date": "2016-08-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-16T19:10:21+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "category": "workaround", "details": "1.SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL, should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\n\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\n\nhttps://access.redhat.com/articles/2598471\n\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\n\nhttps://access.redhat.com/articles/5348961", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-16T19:10:21+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" }, { "acknowledgments": [ { "names": [ "Hanno B\u00f6ck" ] } ], "cve": "CVE-2017-9798", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-09-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1490344" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9798" }, { "category": "external", "summary": "RHBZ#1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798" }, { "category": "external", "summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html", "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" } ], "release_date": "2017-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-16T19:10:21+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "category": "workaround", "details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)" } ] }
rhsa-2017_3195
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for httpd is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:3195", "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3195.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-05T20:15:28+00:00", "generator": { "date": "2024-11-05T20:15:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:3195", "initial_release_date": "2017-11-13T17:35:58+00:00", "revision_history": [ { "date": "2017-11-13T17:35:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-11-13T17:35:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:15:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product": { "name": "Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:6.7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product": { "name": "Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:6.7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server EUS (v. 6.7)", "product": { "name": "Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:6.7::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.15-47.el6_7.5.x86_64", "product": { "name": "httpd-0:2.2.15-47.el6_7.5.x86_64", "product_id": "httpd-0:2.2.15-47.el6_7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "product": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "product": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "product_id": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-47.el6_7.5?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "product": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "product_id": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-47.el6_7.5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "product": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "product_id": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.15-47.el6_7.5.src", "product": { "name": "httpd-0:2.2.15-47.el6_7.5.src", "product_id": "httpd-0:2.2.15-47.el6_7.5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "product": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=i686" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-47.el6_7.5.i686", "product": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.i686", "product_id": "httpd-devel-0:2.2.15-47.el6_7.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=i686" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.15-47.el6_7.5.i686", "product": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.i686", "product_id": "mod_ssl-1:2.2.15-47.el6_7.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-47.el6_7.5?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-47.el6_7.5.i686", "product": { "name": "httpd-0:2.2.15-47.el6_7.5.i686", "product_id": "httpd-0:2.2.15-47.el6_7.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=i686" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.15-47.el6_7.5.i686", "product": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.i686", "product_id": "httpd-tools-0:2.2.15-47.el6_7.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-47.el6_7.5?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch", "product": { "name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch", "product_id": "httpd-manual-0:2.2.15-47.el6_7.5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.15-47.el6_7.5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x", "product": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x", "product_id": "mod_ssl-1:2.2.15-47.el6_7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-47.el6_7.5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "product": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-47.el6_7.5.s390x", "product": { "name": "httpd-0:2.2.15-47.el6_7.5.s390x", "product_id": "httpd-0:2.2.15-47.el6_7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x", "product": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x", "product_id": "httpd-tools-0:2.2.15-47.el6_7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-47.el6_7.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x", "product": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x", "product_id": "httpd-devel-0:2.2.15-47.el6_7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "product": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=s390" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390", "product": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390", "product_id": "httpd-devel-0:2.2.15-47.el6_7.5.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=s390" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "product": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "product_id": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-47.el6_7.5?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "product": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-47.el6_7.5.ppc64", "product": { "name": "httpd-0:2.2.15-47.el6_7.5.ppc64", "product_id": "httpd-0:2.2.15-47.el6_7.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "product": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "product_id": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-47.el6_7.5?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "product": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "product_id": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "product": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=ppc" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc", "product": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc", "product_id": "httpd-devel-0:2.2.15-47.el6_7.5.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=ppc" } } } ], "category": "architecture", "name": "ppc" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.src as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.src", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch" }, "product_reference": "httpd-manual-0:2.2.15-47.el6_7.5.noarch", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.src as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.src", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch" }, "product_reference": "httpd-manual-0:2.2.15-47.el6_7.5.noarch", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.src as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.src", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch" }, "product_reference": "httpd-manual-0:2.2.15-47.el6_7.5.noarch", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6Server-6.7.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-3167", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463194" } ], "notes": [ { "category": "description", "text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_get_basic_auth_pw() authentication bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3167" }, { "category": "external", "summary": "RHBZ#1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3195" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_get_basic_auth_pw() authentication bypass" }, { "cve": "CVE-2017-3169", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463197" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_ssl NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3169" }, { "category": "external", "summary": "RHBZ#1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3195" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_ssl NULL pointer dereference" }, { "cve": "CVE-2017-7679", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463207" } ], "notes": [ { "category": "description", "text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_mime buffer overread", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7679" }, { "category": "external", "summary": "RHBZ#1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7679" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3195" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_mime buffer overread" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" }, { "acknowledgments": [ { "names": [ "Hanno B\u00f6ck" ] } ], "cve": "CVE-2017-9798", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-09-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1490344" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9798" }, { "category": "external", "summary": "RHBZ#1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798" }, { "category": "external", "summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html", "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" } ], "release_date": "2017-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "category": "workaround", "details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)" } ] }
rhsa-2017_2478
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:2478", "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2478.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-05T20:08:51+00:00", "generator": { "date": "2024-11-05T20:08:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:2478", "initial_release_date": "2017-08-15T18:11:45+00:00", "revision_history": [ { "date": "2017-08-15T18:11:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-08-15T18:11:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:08:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "product": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "product_id": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-60.el6_9.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "product": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "product_id": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-60.el6_9.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-60.el6_9.5.x86_64", "product": { "name": "httpd-0:2.2.15-60.el6_9.5.x86_64", "product_id": "httpd-0:2.2.15-60.el6_9.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-60.el6_9.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "product": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "product_id": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-60.el6_9.5?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "product": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "product_id": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-60.el6_9.5?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "product": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "product_id": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-60.el6_9.5?arch=i686" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.15-60.el6_9.5.i686", "product": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.i686", "product_id": "httpd-tools-0:2.2.15-60.el6_9.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-60.el6_9.5?arch=i686" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-60.el6_9.5.i686", "product": { "name": "httpd-0:2.2.15-60.el6_9.5.i686", "product_id": "httpd-0:2.2.15-60.el6_9.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-60.el6_9.5?arch=i686" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-60.el6_9.5.i686", "product": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.i686", "product_id": "httpd-devel-0:2.2.15-60.el6_9.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-60.el6_9.5?arch=i686" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.15-60.el6_9.5.i686", "product": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.i686", "product_id": "mod_ssl-1:2.2.15-60.el6_9.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-60.el6_9.5?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.15-60.el6_9.5.src", "product": { "name": "httpd-0:2.2.15-60.el6_9.5.src", "product_id": "httpd-0:2.2.15-60.el6_9.5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-60.el6_9.5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.2.15-60.el6_9.5.noarch", "product": { "name": "httpd-manual-0:2.2.15-60.el6_9.5.noarch", "product_id": "httpd-manual-0:2.2.15-60.el6_9.5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.15-60.el6_9.5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "httpd-tools-0:2.2.15-60.el6_9.5.s390x", "product": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.s390x", "product_id": "httpd-tools-0:2.2.15-60.el6_9.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-60.el6_9.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390x", "product": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390x", "product_id": "httpd-devel-0:2.2.15-60.el6_9.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-60.el6_9.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "product": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "product_id": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-60.el6_9.5?arch=s390x" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.15-60.el6_9.5.s390x", "product": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.s390x", "product_id": "mod_ssl-1:2.2.15-60.el6_9.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-60.el6_9.5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-60.el6_9.5.s390x", "product": { "name": "httpd-0:2.2.15-60.el6_9.5.s390x", "product_id": "httpd-0:2.2.15-60.el6_9.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-60.el6_9.5?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390", "product": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390", "product_id": "httpd-devel-0:2.2.15-60.el6_9.5.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-60.el6_9.5?arch=s390" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "product": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "product_id": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-60.el6_9.5?arch=s390" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "product": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "product_id": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-60.el6_9.5?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "product": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "product_id": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-60.el6_9.5?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "product": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "product_id": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-60.el6_9.5?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "product": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "product_id": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-60.el6_9.5?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-60.el6_9.5.ppc64", "product": { "name": "httpd-0:2.2.15-60.el6_9.5.ppc64", "product_id": "httpd-0:2.2.15-60.el6_9.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-60.el6_9.5?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc", "product": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc", "product_id": "httpd-devel-0:2.2.15-60.el6_9.5.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-60.el6_9.5?arch=ppc" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "product": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "product_id": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-60.el6_9.5?arch=ppc" } } } ], "category": "architecture", "name": "ppc" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.src", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.ppc", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.s390", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-60.el6_9.5.noarch as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch" }, "product_reference": "httpd-manual-0:2.2.15-60.el6_9.5.noarch", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", "product_id": "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Client-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.src", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.ppc", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.s390", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-60.el6_9.5.noarch as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch" }, "product_reference": "httpd-manual-0:2.2.15-60.el6_9.5.noarch", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)", "product_id": "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Client-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.src as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.src", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.ppc", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.s390", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-60.el6_9.5.noarch as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch" }, "product_reference": "httpd-manual-0:2.2.15-60.el6_9.5.noarch", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node (v. 6)", "product_id": "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.src", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.s390", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-60.el6_9.5.noarch as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch" }, "product_reference": "httpd-manual-0:2.2.15-60.el6_9.5.noarch", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)", "product_id": "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.src as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.src", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.ppc", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.s390", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-60.el6_9.5.noarch as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch" }, "product_reference": "httpd-manual-0:2.2.15-60.el6_9.5.noarch", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Server-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.src", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.ppc", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.s390", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-60.el6_9.5.noarch as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch" }, "product_reference": "httpd-manual-0:2.2.15-60.el6_9.5.noarch", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.i686", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.s390x", "relates_to_product_reference": "6Workstation-6.9.z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "relates_to_product_reference": "6Workstation-6.9.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-3167", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463194" } ], "notes": [ { "category": "description", "text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_get_basic_auth_pw() authentication bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3167" }, { "category": "external", "summary": "RHBZ#1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-15T18:11:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2478" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_get_basic_auth_pw() authentication bypass" }, { "cve": "CVE-2017-3169", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463197" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_ssl NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3169" }, { "category": "external", "summary": "RHBZ#1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-15T18:11:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2478" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_ssl NULL pointer dereference" }, { "cve": "CVE-2017-7679", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463207" } ], "notes": [ { "category": "description", "text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_mime buffer overread", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7679" }, { "category": "external", "summary": "RHBZ#1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7679" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-15T18:11:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2478" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_mime buffer overread" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-15T18:11:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Client-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Client-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6ComputeNode-optional-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6ComputeNode-optional-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Server-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Server-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.src", "6Workstation-6.9.z:httpd-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-debuginfo-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-devel-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:httpd-manual-0:2.2.15-60.el6_9.5.noarch", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:httpd-tools-0:2.2.15-60.el6_9.5.x86_64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.i686", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.ppc64", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.s390x", "6Workstation-6.9.z:mod_ssl-1:2.2.15-60.el6_9.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" } ] }
rhsa-2017_3194
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for httpd is now available for Red Hat Enterprise Linux 7.3 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:3194", "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "1463205", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205" }, { "category": "external", "summary": "1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3194.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-05T20:15:21+00:00", "generator": { "date": "2024-11-05T20:15:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:3194", "initial_release_date": "2017-11-13T17:36:28+00:00", "revision_history": [ { "date": "2017-11-13T17:36:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-11-13T17:36:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:15:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:7.3::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server EUS (v. 7.3)", "product": { "name": "Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:7.3::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product": { "name": "Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:7.3::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "product": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.5?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "product": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "product_id": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.5?arch=x86_64" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "product": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "product_id": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-45.el7_3.5.x86_64", "product": { "name": "mod_session-0:2.4.6-45.el7_3.5.x86_64", "product_id": "mod_session-0:2.4.6-45.el7_3.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.5?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "product": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "product_id": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "product": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "product_id": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-45.el7_3.5.x86_64", "product": { "name": "httpd-0:2.4.6-45.el7_3.5.x86_64", "product_id": "httpd-0:2.4.6-45.el7_3.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "product": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "product_id": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.5?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "product": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.5?arch=s390x" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-45.el7_3.5.s390x", "product": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.s390x", "product_id": "mod_ldap-0:2.4.6-45.el7_3.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.5?arch=s390x" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "product": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "product_id": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-45.el7_3.5.s390x", "product": { "name": "mod_session-0:2.4.6-45.el7_3.5.s390x", "product_id": "mod_session-0:2.4.6-45.el7_3.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.5?arch=s390x" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-45.el7_3.5.s390x", "product": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.s390x", "product_id": "mod_ssl-1:2.4.6-45.el7_3.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-45.el7_3.5.s390x", "product": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.s390x", "product_id": "httpd-tools-0:2.4.6-45.el7_3.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-45.el7_3.5.s390x", "product": { "name": "httpd-0:2.4.6-45.el7_3.5.s390x", "product_id": "httpd-0:2.4.6-45.el7_3.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-45.el7_3.5.s390x", "product": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.s390x", "product_id": "httpd-devel-0:2.4.6-45.el7_3.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.5?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "product": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.5?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "product": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "product_id": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.5?arch=ppc64" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "product": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "product_id": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.5?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-45.el7_3.5.ppc64", "product": { "name": "mod_session-0:2.4.6-45.el7_3.5.ppc64", "product_id": "mod_session-0:2.4.6-45.el7_3.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.5?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "product": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "product_id": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.5?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "product": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "product_id": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.5?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-45.el7_3.5.ppc64", "product": { "name": "httpd-0:2.4.6-45.el7_3.5.ppc64", "product_id": "httpd-0:2.4.6-45.el7_3.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.5?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "product": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "product_id": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.5?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "product": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "product_id": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-45.el7_3.5?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "product": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "product_id": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-45.el7_3.5?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "product": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "product_id": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-45.el7_3.5?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-45.el7_3.5.ppc64le", "product": { "name": "mod_session-0:2.4.6-45.el7_3.5.ppc64le", "product_id": "mod_session-0:2.4.6-45.el7_3.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-45.el7_3.5?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "product": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "product_id": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-45.el7_3.5?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "product": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "product_id": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-45.el7_3.5?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-45.el7_3.5.ppc64le", "product": { "name": "httpd-0:2.4.6-45.el7_3.5.ppc64le", "product_id": "httpd-0:2.4.6-45.el7_3.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.5?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "product": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "product_id": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-45.el7_3.5?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.4.6-45.el7_3.5.noarch", "product": { "name": "httpd-manual-0:2.4.6-45.el7_3.5.noarch", "product_id": "httpd-manual-0:2.4.6-45.el7_3.5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.4.6-45.el7_3.5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.4.6-45.el7_3.5.src", "product": { "name": "httpd-0:2.4.6-45.el7_3.5.src", "product_id": "httpd-0:2.4.6-45.el7_3.5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-45.el7_3.5?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.src as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.src", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-45.el7_3.5.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch" }, "product_reference": "httpd-manual-0:2.4.6-45.el7_3.5.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3)", "product_id": "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.src as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.src", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-45.el7_3.5.noarch as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch" }, "product_reference": "httpd-manual-0:2.4.6-45.el7_3.5.noarch", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.src as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.src", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "httpd-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-45.el7_3.5.noarch as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch" }, "product_reference": "httpd-manual-0:2.4.6-45.el7_3.5.noarch", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "mod_session-0:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.s390x as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.s390x", "relates_to_product_reference": "7Server-optional-7.3.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64 as a component of Red Hat Enterprise Linux Server Optional EUS (v. 7.3)", "product_id": "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "relates_to_product_reference": "7Server-optional-7.3.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-3167", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463194" } ], "notes": [ { "category": "description", "text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_get_basic_auth_pw() authentication bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3167" }, { "category": "external", "summary": "RHBZ#1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:36:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3194" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_get_basic_auth_pw() authentication bypass" }, { "cve": "CVE-2017-3169", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463197" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_ssl NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3169" }, { "category": "external", "summary": "RHBZ#1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:36:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3194" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_ssl NULL pointer dereference" }, { "cve": "CVE-2017-7668", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463205" } ], "notes": [ { "category": "description", "text": "A buffer over-read flaw was found in the httpd\u0027s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_find_token() buffer overread", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7668" }, { "category": "external", "summary": "RHBZ#1463205", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7668", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7668" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:36:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3194" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_find_token() buffer overread" }, { "cve": "CVE-2017-7679", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463207" } ], "notes": [ { "category": "description", "text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_mime buffer overread", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7679" }, { "category": "external", "summary": "RHBZ#1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7679" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:36:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3194" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_mime buffer overread" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:36:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" }, { "acknowledgments": [ { "names": [ "Hanno B\u00f6ck" ] } ], "cve": "CVE-2017-9798", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-09-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1490344" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9798" }, { "category": "external", "summary": "RHBZ#1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798" }, { "category": "external", "summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html", "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" } ], "release_date": "2017-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:36:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "category": "workaround", "details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18", "product_ids": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7ComputeNode-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7ComputeNode-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.src", "7Server-optional-7.3.EUS:httpd-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-debuginfo-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-devel-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:httpd-manual-0:2.4.6-45.el7_3.5.noarch", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:httpd-tools-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ldap-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_proxy_html-1:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_session-0:2.4.6-45.el7_3.5.x86_64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.ppc64le", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.s390x", "7Server-optional-7.3.EUS:mod_ssl-1:2.4.6-45.el7_3.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)" } ] }
rhsa-2017_2479
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:2479", "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "1463205", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205" }, { "category": "external", "summary": "1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2479.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-05T20:09:16+00:00", "generator": { "date": "2024-11-05T20:09:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:2479", "initial_release_date": "2017-08-15T18:23:44+00:00", "revision_history": [ { "date": "2017-08-15T18:23:44+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-08-15T18:23:44+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:09:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "product": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "product_id": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-67.el7_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "product": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "product_id": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-67.el7_4.2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "product": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "product_id": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-67.el7_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "product": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "product_id": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-67.el7_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-67.el7_4.2.x86_64", "product": { "name": "httpd-0:2.4.6-67.el7_4.2.x86_64", "product_id": "httpd-0:2.4.6-67.el7_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-67.el7_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-67.el7_4.2.x86_64", "product": { "name": "mod_session-0:2.4.6-67.el7_4.2.x86_64", "product_id": "mod_session-0:2.4.6-67.el7_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-67.el7_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "product": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "product_id": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-67.el7_4.2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "product": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "product_id": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-67.el7_4.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.4.6-67.el7_4.2.noarch", "product": { "name": "httpd-manual-0:2.4.6-67.el7_4.2.noarch", "product_id": "httpd-manual-0:2.4.6-67.el7_4.2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.4.6-67.el7_4.2?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.4.6-67.el7_4.2.src", "product": { "name": "httpd-0:2.4.6-67.el7_4.2.src", "product_id": "httpd-0:2.4.6-67.el7_4.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-67.el7_4.2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.4.6-67.el7_4.2.s390x", "product": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.s390x", "product_id": "httpd-devel-0:2.4.6-67.el7_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-67.el7_4.2?arch=s390x" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-67.el7_4.2.s390x", "product": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.s390x", "product_id": "mod_ssl-1:2.4.6-67.el7_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-67.el7_4.2?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "product": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "product_id": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-67.el7_4.2?arch=s390x" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-67.el7_4.2.s390x", "product": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.s390x", "product_id": "httpd-tools-0:2.4.6-67.el7_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-67.el7_4.2?arch=s390x" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-67.el7_4.2.s390x", "product": { "name": "httpd-0:2.4.6-67.el7_4.2.s390x", "product_id": "httpd-0:2.4.6-67.el7_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-67.el7_4.2?arch=s390x" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-67.el7_4.2.s390x", "product": { "name": "mod_session-0:2.4.6-67.el7_4.2.s390x", "product_id": "mod_session-0:2.4.6-67.el7_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-67.el7_4.2?arch=s390x" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "product": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "product_id": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-67.el7_4.2?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-67.el7_4.2.s390x", "product": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.s390x", "product_id": "mod_ldap-0:2.4.6-67.el7_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-67.el7_4.2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "product": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "product_id": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-67.el7_4.2?arch=ppc64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "product": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "product_id": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-67.el7_4.2?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "product": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "product_id": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-67.el7_4.2?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "product": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "product_id": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-67.el7_4.2?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-67.el7_4.2.ppc64", "product": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64", "product_id": "httpd-0:2.4.6-67.el7_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-67.el7_4.2?arch=ppc64" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64", "product": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64", "product_id": "mod_session-0:2.4.6-67.el7_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-67.el7_4.2?arch=ppc64" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "product": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "product_id": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-67.el7_4.2?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "product": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "product_id": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-67.el7_4.2?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "product": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "product_id": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.4.6-67.el7_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "product": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "product_id": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.4.6-67.el7_4.2?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "product": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "product_id": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-67.el7_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "product": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "product_id": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.4.6-67.el7_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "httpd-0:2.4.6-67.el7_4.2.ppc64le", "product": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64le", "product_id": "httpd-0:2.4.6-67.el7_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.4.6-67.el7_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64le", "product": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64le", "product_id": "mod_session-0:2.4.6-67.el7_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_session@2.4.6-67.el7_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "product": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "product_id": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-67.el7_4.2?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "product": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "product_id": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-67.el7_4.2?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "product": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "product_id": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.6-67.el7_4.2?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "product": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "product_id": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.6-67.el7_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "product": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "product_id": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ldap@2.4.6-67.el7_4.2?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.src", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-67.el7_4.2.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch" }, "product_reference": "httpd-manual-0:2.4.6-67.el7_4.2.noarch", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.src", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-67.el7_4.2.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch" }, "product_reference": "httpd-manual-0:2.4.6-67.el7_4.2.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.src", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-67.el7_4.2.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch" }, "product_reference": "httpd-manual-0:2.4.6-67.el7_4.2.noarch", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.src", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-67.el7_4.2.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch" }, "product_reference": "httpd-manual-0:2.4.6-67.el7_4.2.noarch", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.src", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-67.el7_4.2.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch" }, "product_reference": "httpd-manual-0:2.4.6-67.el7_4.2.noarch", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.src", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.4.6-67.el7_4.2.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch" }, "product_reference": "httpd-manual-0:2.4.6-67.el7_4.2.noarch", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_session-0:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_session-0:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.s390x", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" }, "product_reference": "mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "relates_to_product_reference": "7Workstation-optional-7.4.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-3167", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463194" } ], "notes": [ { "category": "description", "text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_get_basic_auth_pw() authentication bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3167" }, { "category": "external", "summary": "RHBZ#1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-15T18:23:44+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2479" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_get_basic_auth_pw() authentication bypass" }, { "cve": "CVE-2017-3169", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463197" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_ssl NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3169" }, { "category": "external", "summary": "RHBZ#1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-15T18:23:44+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2479" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_ssl NULL pointer dereference" }, { "cve": "CVE-2017-7668", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463205" } ], "notes": [ { "category": "description", "text": "A buffer over-read flaw was found in the httpd\u0027s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_find_token() buffer overread", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7668" }, { "category": "external", "summary": "RHBZ#1463205", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7668", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7668" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-15T18:23:44+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2479" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, "products": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_find_token() buffer overread" }, { "cve": "CVE-2017-7679", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463207" } ], "notes": [ { "category": "description", "text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_mime buffer overread", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7679" }, { "category": "external", "summary": "RHBZ#1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7679" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-15T18:23:44+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2479" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_mime buffer overread" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-08-15T18:23:44+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Client-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Client-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7ComputeNode-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7ComputeNode-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Server-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Server-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.src", "7Workstation-optional-7.4.Z:httpd-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-debuginfo-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-devel-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:httpd-manual-0:2.4.6-67.el7_4.2.noarch", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:httpd-tools-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ldap-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.aarch64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_proxy_html-1:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_session-0:2.4.6-67.el7_4.2.x86_64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.ppc64le", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.s390x", "7Workstation-optional-7.4.Z:mod_ssl-1:2.4.6-67.el7_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" } ] }
ghsa-w97h-p5ff-7q69
Vulnerability from github
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
{ "affected": [], "aliases": [ "CVE-2017-9788" ], "database_specific": { "cwe_ids": [ "CWE-200" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-07-13T16:29:00Z", "severity": "CRITICAL" }, "details": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \u0027Digest\u0027 was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no \u0027=\u0027 assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.", "id": "GHSA-w97h-p5ff-7q69", "modified": "2022-05-13T01:09:41Z", "published": "2022-05-13T01:09:41Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201710-32" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20170911-0002" }, { "type": "WEB", "url": "https://support.apple.com/HT208221" }, { "type": "WEB", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us" }, { "type": "WEB", "url": "https://www.tenable.com/security/tns-2019-09" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "type": "WEB", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3Cannounce.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "type": "WEB", "url": "http://www.debian.org/security/2017/dsa-3913" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/99569" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1038906" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "type": "CVSS_V3" } ] }
var-201707-1241
Vulnerability from variot
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. Apache HTTP Server is prone to a memory-corruption vulnerability. Attackers can exploit this issue to cause to obtain sensitive information or cause denial-of-service conditions. Versions prior to Apache httpd 2.2.34 and 2.4.27 are vulnerable. ========================================================================== Ubuntu Security Notice USN-3370-1 July 27, 2017
apache2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Apache HTTP Server could be made to crash or leak sensitive information if it received specially crafted network traffic.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: apache2-bin 2.4.25-3ubuntu2.2
Ubuntu 16.04 LTS: apache2-bin 2.4.18-2ubuntu3.4
Ubuntu 14.04 LTS: apache2-bin 2.4.7-1ubuntu4.17
In general, a standard system update will make all the necessary changes.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The updates are documented in the Release Notes document linked to in the References.
This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. (CVE-2017-9788)
-
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)
-
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)
-
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
-
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. (CVE-2017-9798)
Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno BAPck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183.
Bug Fix(es):
-
Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)
-
mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)
-
CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)
-
Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):
1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest 1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) 1493075 - Unable to load large CRL openssl problem 1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload 1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615
-
Gentoo Linux Security Advisory GLSA 201710-32
https://security.gentoo.org/
Severity: Normal Title: Apache: Multiple vulnerabilities Date: October 29, 2017 Bugs: #622240, #624868, #631308 ID: 201710-32
Synopsis
Multiple vulnerabilities have been found in Apache, the worst of which may result in the loss of secrets.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache < 2.4.27-r1 >= 2.4.27-r1
Description
Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details.
Impact
The Optionsbleed vulnerability can leak arbitrary memory from the server process that may contain secrets.
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.27-r1"
References
[ 1 ] CVE-2017-3167 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3167 [ 2 ] CVE-2017-3169 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3169 [ 3 ] CVE-2017-7659 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7659 [ 4 ] CVE-2017-7668 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7668 [ 5 ] CVE-2017-7679 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7679 [ 6 ] CVE-2017-9788 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9788 [ 7 ] CVE-2017-9789 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9789 [ 8 ] CVE-2017-9798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201710-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . (BZ#1508885)
- The JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2017:2478-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2478 Issue date: 2017-08-15 CVE Names: CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 CVE-2017-9788 =====================================================================
- Summary:
An update for httpd is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Security Fix(es):
-
It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
-
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)
-
A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)
-
A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass 1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference 1463207 - CVE-2017-7679 httpd: mod_mime buffer overread 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: httpd-2.2.15-60.el6_9.5.src.rpm
i386: httpd-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-tools-2.2.15-60.el6_9.5.i686.rpm
x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm mod_ssl-2.2.15-60.el6_9.5.i686.rpm
noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: httpd-2.2.15-60.el6_9.5.src.rpm
x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: httpd-2.2.15-60.el6_9.5.src.rpm
i386: httpd-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-tools-2.2.15-60.el6_9.5.i686.rpm mod_ssl-2.2.15-60.el6_9.5.i686.rpm
noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm
ppc64: httpd-2.2.15-60.el6_9.5.ppc64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.ppc.rpm httpd-debuginfo-2.2.15-60.el6_9.5.ppc64.rpm httpd-devel-2.2.15-60.el6_9.5.ppc.rpm httpd-devel-2.2.15-60.el6_9.5.ppc64.rpm httpd-tools-2.2.15-60.el6_9.5.ppc64.rpm mod_ssl-2.2.15-60.el6_9.5.ppc64.rpm
s390x: httpd-2.2.15-60.el6_9.5.s390x.rpm httpd-debuginfo-2.2.15-60.el6_9.5.s390.rpm httpd-debuginfo-2.2.15-60.el6_9.5.s390x.rpm httpd-devel-2.2.15-60.el6_9.5.s390.rpm httpd-devel-2.2.15-60.el6_9.5.s390x.rpm httpd-tools-2.2.15-60.el6_9.5.s390x.rpm mod_ssl-2.2.15-60.el6_9.5.s390x.rpm
x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: httpd-2.2.15-60.el6_9.5.src.rpm
i386: httpd-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-tools-2.2.15-60.el6_9.5.i686.rpm mod_ssl-2.2.15-60.el6_9.5.i686.rpm
noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm
x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-3167 https://access.redhat.com/security/cve/CVE-2017-3169 https://access.redhat.com/security/cve/CVE-2017-7679 https://access.redhat.com/security/cve/CVE-2017-9788 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZkzq3XlSAg2UNWIIRAjxIAJ9JoJcSMguc2VTpgJl2P5BGoM2IrACfXd/8 Jxb2g1bdehw6Jjq0qF13AEM= =ZvYI -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The References section of this erratum contains a download link (you must log in to download the update). This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. An httpd module using this API function could consequently allow access that should have been denied. JIRA issues fixed (https://issues.jboss.org/):
JBCS-329 - Unable to load large CRL openssl problem
6
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201707-1241", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0.0" }, { "model": "secure global desktop", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.3" }, { "model": "http server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "2.2.33" }, { "model": "storage automation store", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "oncommand unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.4.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.4.0" }, { "model": "jboss enterprise web server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.7" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "jboss core services", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.13.1" }, { "model": "http server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "2.4.26" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.10" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.6" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.4" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.2" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.9" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.1" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.12" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.2.32" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.3" }, { "model": "http server", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.4.7" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "17.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.26" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.25" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.23" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.20" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.19" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.18" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.17" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.16" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.14" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.33" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.26" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.25" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.24" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.23" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.15" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.14" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.13" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.12" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.9" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.9" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.7" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.6" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.24" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.13" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.4.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.32" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.29" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.22" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.21" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.20" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.19" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.18" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.17" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.16" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.1" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.2.34" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.4.27" } ], "sources": [ { "db": "BID", "id": "99569" }, { "db": "CNNVD", "id": "CNNVD-201706-931" }, { "db": "NVD", "id": "CVE-2017-9788" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.2.33", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.4.26", "versionStartIncluding": "2.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.13.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-9788" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "144869" }, { "db": "PACKETSTORM", "id": "145018" }, { "db": "PACKETSTORM", "id": "143766" }, { "db": "PACKETSTORM", "id": "144968" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "PACKETSTORM", "id": "144865" }, { "db": "PACKETSTORM", "id": "144134" } ], "trust": 0.7 }, "cve": "CVE-2017-9788", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-117991", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-9788", "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-9788", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201706-931", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-117991", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2017-9788", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-117991" }, { "db": "VULMON", "id": "CVE-2017-9788" }, { "db": "CNNVD", "id": "CNNVD-201706-931" }, { "db": "NVD", "id": "CVE-2017-9788" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \u0027Digest\u0027 was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no \u0027=\u0027 assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. Apache HTTP Server is prone to a memory-corruption vulnerability. \nAttackers can exploit this issue to cause to obtain sensitive information or cause denial-of-service conditions. \nVersions prior to Apache httpd 2.2.34 and 2.4.27 are vulnerable. ==========================================================================\nUbuntu Security Notice USN-3370-1\nJuly 27, 2017\n\napache2 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nApache HTTP Server could be made to crash or leak sensitive information if\nit received specially crafted network traffic. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n apache2-bin 2.4.25-3ubuntu2.2\n\nUbuntu 16.04 LTS:\n apache2-bin 2.4.18-2ubuntu3.4\n\nUbuntu 14.04 LTS:\n apache2-bin 2.4.7-1ubuntu4.17\n\nIn general, a standard system update will make all the necessary changes. \n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. The updates are documented in the Release Notes\ndocument linked to in the References. \n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a\nupdate for Red Hat JBoss Web Server 2, and includes bug fixes, which are\ndocumented in the Release Notes document linked to in the References. \n(CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was\nconfigured with readonly=false and HTTP PUT requests were allowed, an\nattacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was\nconfigured with readonly=false and HTTP PUT requests were allowed, an\nattacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the\nTLS/SSL protocol. A man-in-the-middle attacker could use this flaw to\nrecover some plaintext data by capturing large amounts of encrypted traffic\nbetween TLS/SSL server and client if the communication used a DES/3DES\nbased ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno\nBAPck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan\nBhargavan (Inria) and GaA\u003c\u003ctan Leurent (Inria) as the original reporters of\nCVE-2016-2183. \n\nBug Fix(es):\n\n* Corruption in nodestatsmem in multiple core dumps but in different\nfunctions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated\nassembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)\n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest\n1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)\n1493075 - Unable to load large CRL openssl problem\n1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload\n1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615\n\n6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201710-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache: Multiple vulnerabilities\n Date: October 29, 2017\n Bugs: #622240, #624868, #631308\n ID: 201710-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache, the worst of which\nmay result in the loss of secrets. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.4.27-r1 \u003e= 2.4.27-r1 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache. Please review\nthe referenced CVE identifiers for details. \n\nImpact\n======\n\nThe Optionsbleed vulnerability can leak arbitrary memory from the\nserver process that may contain secrets. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.27-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-3167\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3167\n[ 2 ] CVE-2017-3169\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3169\n[ 3 ] CVE-2017-7659\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7659\n[ 4 ] CVE-2017-7668\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7668\n[ 5 ] CVE-2017-7679\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7679\n[ 6 ] CVE-2017-9788\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9788\n[ 7 ] CVE-2017-9789\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9789\n[ 8 ] CVE-2017-9798\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201710-32\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. (BZ#1508885)\n\n4. The JBoss server\nprocess must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2017:2478-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2478\nIssue date: 2017-08-15\nCVE Names: CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 \n CVE-2017-9788 \n=====================================================================\n\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not\nproperly initialize memory before using it when processing certain headers\nrelated to digest authentication. A remote attacker could possibly use this\nflaw to disclose potentially sensitive information or cause httpd child\nprocess to crash by sending specially crafted requests to a server. \n(CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to authentication\nbypass. A remote attacker could possibly use this flaw to bypass required\nauthentication if the API was used incorrectly by one of the modules used\nby httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. \nA remote attacker could use this flaw to cause an httpd child process to\ncrash if another module used by httpd called a certain API function during\nthe processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user\npermitted to modify httpd\u0027s MIME configuration could use this flaw to cause\nhttpd child process to crash. (CVE-2017-7679)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass\n1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference\n1463207 - CVE-2017-7679 httpd: mod_mime buffer overread\n1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nhttpd-2.2.15-60.el6_9.5.src.rpm\n\ni386:\nhttpd-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-tools-2.2.15-60.el6_9.5.i686.rpm\n\nx86_64:\nhttpd-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nmod_ssl-2.2.15-60.el6_9.5.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-60.el6_9.5.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.x86_64.rpm\nmod_ssl-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nhttpd-2.2.15-60.el6_9.5.src.rpm\n\nx86_64:\nhttpd-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\nhttpd-manual-2.2.15-60.el6_9.5.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.x86_64.rpm\nmod_ssl-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd-2.2.15-60.el6_9.5.src.rpm\n\ni386:\nhttpd-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-tools-2.2.15-60.el6_9.5.i686.rpm\nmod_ssl-2.2.15-60.el6_9.5.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-60.el6_9.5.noarch.rpm\n\nppc64:\nhttpd-2.2.15-60.el6_9.5.ppc64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.ppc.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.ppc64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.ppc.rpm\nhttpd-devel-2.2.15-60.el6_9.5.ppc64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.ppc64.rpm\nmod_ssl-2.2.15-60.el6_9.5.ppc64.rpm\n\ns390x:\nhttpd-2.2.15-60.el6_9.5.s390x.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.s390.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.s390x.rpm\nhttpd-devel-2.2.15-60.el6_9.5.s390.rpm\nhttpd-devel-2.2.15-60.el6_9.5.s390x.rpm\nhttpd-tools-2.2.15-60.el6_9.5.s390x.rpm\nmod_ssl-2.2.15-60.el6_9.5.s390x.rpm\n\nx86_64:\nhttpd-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.x86_64.rpm\nmod_ssl-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd-2.2.15-60.el6_9.5.src.rpm\n\ni386:\nhttpd-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-tools-2.2.15-60.el6_9.5.i686.rpm\nmod_ssl-2.2.15-60.el6_9.5.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-60.el6_9.5.noarch.rpm\n\nx86_64:\nhttpd-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.x86_64.rpm\nmod_ssl-2.2.15-60.el6_9.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-3167\nhttps://access.redhat.com/security/cve/CVE-2017-3169\nhttps://access.redhat.com/security/cve/CVE-2017-7679\nhttps://access.redhat.com/security/cve/CVE-2017-9788\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZkzq3XlSAg2UNWIIRAjxIAJ9JoJcSMguc2VTpgJl2P5BGoM2IrACfXd/8\nJxb2g1bdehw6Jjq0qF13AEM=\n=ZvYI\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. An httpd module using\nthis API function could consequently allow access that should have been\ndenied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-329 - Unable to load large CRL openssl problem\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2017-9788" }, { "db": "BID", "id": "99569" }, { "db": "VULHUB", "id": "VHN-117991" }, { "db": "VULMON", "id": "CVE-2017-9788" }, { "db": "PACKETSTORM", "id": "143358" }, { "db": "PACKETSTORM", "id": "143534" }, { "db": "PACKETSTORM", "id": "144869" }, { "db": "PACKETSTORM", "id": "144791" }, { "db": "PACKETSTORM", "id": "145018" }, { "db": "PACKETSTORM", "id": "143766" }, { "db": "PACKETSTORM", "id": "144968" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "PACKETSTORM", "id": "144865" }, { "db": "PACKETSTORM", "id": "144134" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-9788", "trust": 3.1 }, { "db": "BID", "id": "99569", "trust": 2.0 }, { "db": "TENABLE", "id": "TNS-2019-09", "trust": 1.7 }, { "db": "SECTRACK", "id": "1038906", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201706-931", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "143358", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "143534", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "143615", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-117991", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-9788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144869", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144791", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145018", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143766", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144968", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144969", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144865", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144134", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-117991" }, { "db": "VULMON", "id": "CVE-2017-9788" }, { "db": "BID", "id": "99569" }, { "db": "PACKETSTORM", "id": "143358" }, { "db": "PACKETSTORM", "id": "143534" }, { "db": "PACKETSTORM", "id": "144869" }, { "db": "PACKETSTORM", "id": "144791" }, { "db": "PACKETSTORM", "id": "145018" }, { "db": "PACKETSTORM", "id": "143766" }, { "db": "PACKETSTORM", "id": "144968" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "PACKETSTORM", "id": "144865" }, { "db": "PACKETSTORM", "id": "144134" }, { "db": "CNNVD", "id": "CNNVD-201706-931" }, { "db": "NVD", "id": "CVE-2017-9788" } ] }, "id": "VAR-201707-1241", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-117991" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:48:16.667000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89486" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172710 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172709 - security advisory" }, { "title": "Ubuntu Security Notice: apache2 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3370-2" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172708 - security advisory" }, { "title": "Debian Security Advisories: DSA-3913-1 apache2 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9fddec113878a445ed8009b9b095457" }, { "title": "Debian CVElist Bug Report Logs: apache2: CVE-2017-9788", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5acf2d8c1512b0afa80a30a349e7a2c3" }, { "title": "Ubuntu Security Notice: apache2 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3370-1" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20173240 - security advisory" }, { "title": "Red Hat: Important: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20173194 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20173239 - security advisory" }, { "title": "Red Hat: Important: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20173193 - security advisory" }, { "title": "Red Hat: Important: httpd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20173195 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20173113 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20173114 - security advisory" }, { "title": "Arch Linux Advisories: [ASA-201707-15] apache: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201707-15" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-9788" }, { "title": "Amazon Linux AMI: ALAS-2017-892", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-892" }, { "title": "Symantec Security Advisories: Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=d2f801f4ee4b743c8db2cea35625dd16" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c" }, { "title": "Tenable Security Advisories: [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2019-09" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=549dc795290b298746065b62b4bb7928" }, { "title": "MITRE_NIST", "trust": 0.1, "url": "https://github.com/columbuscollaboratory/mitre_nist " }, { "title": "tab_pie_external_honggfuzz", "trust": 0.1, "url": "https://github.com/credenceid/tab_pie_external_honggfuzz " }, { "title": "platform_external_honggfuzz", "trust": 0.1, "url": "https://github.com/dennissimos/platform_external_honggfuzz " }, { "title": "nrich", "trust": 0.1, "url": "https://github.com/retr0-13/nrich " }, { "title": "", "trust": 0.1, "url": "https://github.com/rosesecurity-research/red-teaming-ttps " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/khadas/android_external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/bananadroid/android_external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/random-aosp-stuff/android_external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/thexperienceproject/android_external_honggfuzz " }, { "title": "honggfuzz_READ", "trust": 0.1, "url": "https://github.com/imbaya2466/honggfuzz_read " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/forklineageos/external_honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/wave-project/external_honggfuzz " }, { "title": "Red-Teaming-TTPs", "trust": 0.1, "url": "https://github.com/rosesecurity/red-teaming-ttps " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/swordphoenix/external_honggfuzz " }, { "title": "platform_external_honggfuzz", "trust": 0.1, "url": "https://github.com/aosp-caf-upstream/platform_external_honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/crdroid-r/external_honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/yaap/external_honggfuzz " }, { "title": "Shodan-nrich", "trust": 0.1, "url": "https://github.com/pawankumarpandit/shodan-nrich " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/tinkeredger-android/external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/corvus-r/android_external_honggfuzz " }, { "title": "external-honggfuzz", "trust": 0.1, "url": "https://github.com/tinkerboard2-android/external-honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/ozone-os/external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/statixos/android_external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/crdroidandroid/android_external_honggfuzz " }, { "title": "", "trust": 0.1, "url": "https://github.com/aosp10-public/external_honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/caf-extended/external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/jingpad-bsp/android_external_honggfuzz " }, { "title": "", "trust": 0.1, "url": "https://github.com/tinkerboard-android/rockchip-android-external-honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/project-1ce/external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/protonaosp/android_external_honggfuzz " }, { "title": "android_external_honggfuzz", "trust": 0.1, "url": "https://github.com/protonaosp-platina/android_external_honggfuzz " }, { "title": "external-honggfuzz", "trust": 0.1, "url": "https://github.com/tinkerboard-android/external-honggfuzz " }, { "title": "", "trust": 0.1, "url": "https://github.com/tomoms/android_external_honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/tinkerboard2-android/external_honggfuzz " }, { "title": "external_honggfuzz", "trust": 0.1, "url": "https://github.com/havocr/external_honggfuzz " }, { "title": "lllnx", "trust": 0.1, "url": "https://github.com/lllnx/lllnx " }, { "title": "", "trust": 0.1, "url": "https://github.com/ep-infosec/50_google_honggfuzz " }, { "title": "TEC-MBSD2017", "trust": 0.1, "url": "https://github.com/keloud/tec-mbsd2017 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-9788" }, { "db": "CNNVD", "id": "CNNVD-201706-931" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 }, { "problemtype": "CWE-200", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-117991" }, { "db": "NVD", "id": "CVE-2017-9788" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/99569" }, { "trust": 2.3, "url": "http://www.debian.org/security/2017/dsa-3913" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201710-32" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:2478" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:2708" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:3113" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:3114" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:3194" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:3195" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:3240" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20170911-0002/" }, { "trust": 1.7, "url": "https://support.apple.com/ht208221" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2019-09" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:2479" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:2483" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:2709" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:2710" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:3193" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:3239" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1038906" }, { "trust": 1.6, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03908en_us" }, { "trust": 1.1, "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 1.1, "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9788" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3cannounce.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2017-9788" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_22.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs." }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_24.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3cannounce." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs." }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2017-9798" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9798" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2183" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7679" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3169" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3167" }, { "trust": 0.3, "url": "http://www.apache.org/" }, { "trust": 0.3, "url": "https://httpd.apache.org/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2017/q3/127" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3169" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-7679" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3167" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-12617" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-12615" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12615" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/3227901" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12617" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7668" }, { "trust": 0.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03908en_us" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3cannounce.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e" }, { "trust": 0.1, "url": "https://httpd.apache.org/security_report.html" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3370-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.25-3ubuntu2.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.17" }, { "trust": 0.1, "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-7668" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7659" }, { "trust": 0.1, "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3167" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9798" }, { "trust": 0.1, "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-7679" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9789" }, { "trust": 0.1, "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-7659" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3169" }, { "trust": 0.1, "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-9788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-9789" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://access.redhat.com/articles/3229231" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7668" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.2" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.23" } ], "sources": [ { "db": "VULHUB", "id": "VHN-117991" }, { "db": "BID", "id": "99569" }, { "db": "PACKETSTORM", "id": "143358" }, { "db": "PACKETSTORM", "id": "143534" }, { "db": "PACKETSTORM", "id": "144869" }, { "db": "PACKETSTORM", "id": "144791" }, { "db": "PACKETSTORM", "id": "145018" }, { "db": "PACKETSTORM", "id": "143766" }, { "db": "PACKETSTORM", "id": "144968" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "PACKETSTORM", "id": "144865" }, { "db": "PACKETSTORM", "id": "144134" }, { "db": "CNNVD", "id": "CNNVD-201706-931" }, { "db": "NVD", "id": "CVE-2017-9788" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-117991" }, { "db": "VULMON", "id": "CVE-2017-9788" }, { "db": "BID", "id": "99569" }, { "db": "PACKETSTORM", "id": "143358" }, { "db": "PACKETSTORM", "id": "143534" }, { "db": "PACKETSTORM", "id": "144869" }, { "db": "PACKETSTORM", "id": "144791" }, { "db": "PACKETSTORM", "id": "145018" }, { "db": "PACKETSTORM", "id": "143766" }, { "db": "PACKETSTORM", "id": "144968" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "PACKETSTORM", "id": "144865" }, { "db": "PACKETSTORM", "id": "144134" }, { "db": "CNNVD", "id": "CNNVD-201706-931" }, { "db": "NVD", "id": "CVE-2017-9788" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-13T00:00:00", "db": "VULHUB", "id": "VHN-117991" }, { "date": "2017-07-13T00:00:00", "db": "VULMON", "id": "CVE-2017-9788" }, { "date": "2017-07-11T00:00:00", "db": "BID", "id": "99569" }, { "date": "2017-07-13T04:44:44", "db": "PACKETSTORM", "id": "143358" }, { "date": "2017-07-27T19:32:22", "db": "PACKETSTORM", "id": "143534" }, { "date": "2017-11-02T23:50:49", "db": "PACKETSTORM", "id": "144869" }, { "date": "2017-10-30T15:38:41", "db": "PACKETSTORM", "id": "144791" }, { "date": "2017-11-17T00:10:45", "db": "PACKETSTORM", "id": "145018" }, { "date": "2017-08-15T22:24:00", "db": "PACKETSTORM", "id": "143766" }, { "date": "2017-11-14T04:32:05", "db": "PACKETSTORM", "id": "144968" }, { "date": "2017-11-14T04:32:14", "db": "PACKETSTORM", "id": "144969" }, { "date": "2017-11-02T23:39:48", "db": "PACKETSTORM", "id": "144865" }, { "date": "2017-09-14T19:44:18", "db": "PACKETSTORM", "id": "144134" }, { "date": "2017-06-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-931" }, { "date": "2017-07-13T16:29:00.227000", "db": "NVD", "id": "CVE-2017-9788" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-15T00:00:00", "db": "VULHUB", "id": "VHN-117991" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2017-9788" }, { "date": "2017-08-16T08:10:00", "db": "BID", "id": "99569" }, { "date": "2021-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-931" }, { "date": "2023-11-07T02:50:52.257000", "db": "NVD", "id": "CVE-2017-9788" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "143534" }, { "db": "PACKETSTORM", "id": "143766" }, { "db": "PACKETSTORM", "id": "144968" }, { "db": "PACKETSTORM", "id": "144969" }, { "db": "CNNVD", "id": "CNNVD-201706-931" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache httpd Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-931" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-931" } ], "trust": 0.6 } }
gsd-2017-9788
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2017-9788", "description": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \u0027Digest\u0027 was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no \u0027=\u0027 assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.", "id": "GSD-2017-9788", "references": [ "https://www.suse.com/security/cve/CVE-2017-9788.html", "https://www.debian.org/security/2017/dsa-3913", "https://access.redhat.com/errata/RHSA-2017:3240", "https://access.redhat.com/errata/RHSA-2017:3239", "https://access.redhat.com/errata/RHSA-2017:3195", "https://access.redhat.com/errata/RHSA-2017:3194", "https://access.redhat.com/errata/RHSA-2017:3193", "https://access.redhat.com/errata/RHSA-2017:3114", "https://access.redhat.com/errata/RHSA-2017:3113", "https://access.redhat.com/errata/RHSA-2017:2710", "https://access.redhat.com/errata/RHSA-2017:2709", "https://access.redhat.com/errata/RHSA-2017:2708", "https://access.redhat.com/errata/RHSA-2017:2483", "https://access.redhat.com/errata/RHSA-2017:2479", "https://access.redhat.com/errata/RHSA-2017:2478", "https://ubuntu.com/security/CVE-2017-9788", "https://advisories.mageia.org/CVE-2017-9788.html", "https://security.archlinux.org/CVE-2017-9788", "https://alas.aws.amazon.com/cve/html/CVE-2017-9788.html", "https://linux.oracle.com/cve/CVE-2017-9788.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2017-9788" ], "details": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \u0027Digest\u0027 was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no \u0027=\u0027 assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.", "id": "GSD-2017-9788", "modified": "2023-12-13T01:21:07.452270Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-9788", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_value": "2.2.0 to 2.2.33" }, { "version_value": "2.4.1 to 2.4.26" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \u0027Digest\u0027 was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no \u0027=\u0027 assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Uninitialized memory reflection in mod_auth_digest" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3113", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "name": "https://support.apple.com/HT208221", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208221" }, { "name": "RHSA-2017:2479", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "name": "RHSA-2017:2483", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us" }, { "name": "https://httpd.apache.org/security/vulnerabilities_22.html", "refsource": "CONFIRM", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "https://security.netapp.com/advisory/ntap-20170911-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170911-0002/" }, { "name": "RHSA-2017:3240", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "name": "RHSA-2017:2709", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "name": "RHSA-2017:3195", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "name": "[announce] 20170713 CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3Cannounce.httpd.apache.org%3E" }, { "name": "99569", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99569" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3239", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "name": "RHSA-2017:3114", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "CONFIRM", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "RHSA-2017:3194", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "name": "1038906", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038906" }, { "name": "RHSA-2017:3193", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "name": "RHSA-2017:2710", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "name": "DSA-3913", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3913" }, { "name": "RHSA-2017:2708", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "name": "GLSA-201710-32", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-32" }, { "name": "RHSA-2017:2478", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "https://www.tenable.com/security/tns-2019-09", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-09" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.4.26", "versionStartIncluding": "2.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.2.33", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.13.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2017-9788" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \u0027Digest\u0027 was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no \u0027=\u0027 assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-200" }, { "lang": "en", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "[announce] 20170713 CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest", "refsource": "MLIST", "tags": [ "Mailing List", "Vendor Advisory", "Mitigation" ], "url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3Cannounce.httpd.apache.org%3E" }, { "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "https://httpd.apache.org/security/vulnerabilities_22.html", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "name": "1038906", "refsource": "SECTRACK", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038906" }, { "name": "99569", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99569" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "GLSA-201710-32", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-32" }, { "name": "DSA-3913", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3913" }, { "name": "https://security.netapp.com/advisory/ntap-20170911-0002/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170911-0002/" }, { "name": "https://support.apple.com/HT208221", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/HT208221" }, { "name": "RHSA-2017:3240", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "name": "RHSA-2017:3239", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "name": "RHSA-2017:3195", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "name": "RHSA-2017:3194", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "name": "RHSA-2017:3193", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "name": "RHSA-2017:3114", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "name": "RHSA-2017:3113", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "name": "RHSA-2017:2710", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "name": "RHSA-2017:2709", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "name": "RHSA-2017:2708", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "name": "RHSA-2017:2483", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "name": "RHSA-2017:2479", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "name": "RHSA-2017:2478", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03908en_us" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "name": "https://www.tenable.com/security/tns-2019-09", "refsource": "CONFIRM", "tags": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.2 } }, "lastModifiedDate": "2021-06-06T11:15Z", "publishedDate": "2017-07-13T16:29Z" } } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.