FKIE_CVE-2017-12613

Vulnerability from fkie_nvd - Published: 2017-10-24 01:29 - Updated: 2025-04-20 01:37
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
References
security@apache.orghttp://www.apache.org/dist/apr/Announcement1.x.htmlRelease Notes, Vendor Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/08/23/1Mailing List, Third Party Advisory
security@apache.orghttp://www.securityfocus.com/bid/101560Broken Link
security@apache.orghttp://www.securitytracker.com/id/1042004Third Party Advisory, VDB Entry
security@apache.orghttps://access.redhat.com/errata/RHSA-2017:3270Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2017:3475Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2017:3476Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2017:3477Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2018:0316Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2018:0465Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2018:0466Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2018:1253Third Party Advisory
security@apache.orghttps://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3EIssue Tracking, Vendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E
security@apache.orghttps://lists.debian.org/debian-lts-announce/2017/11/msg00005.htmlMailing List, Third Party Advisory
security@apache.orghttps://lists.debian.org/debian-lts-announce/2022/01/msg00023.htmlMailing List, Third Party Advisory
security@apache.orghttps://svn.apache.org/viewvc?view=revision&revision=1807976Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.apache.org/dist/apr/Announcement1.x.htmlRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/08/23/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101560Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1042004Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3270Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3475Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3476Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3477Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0316Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0465Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0466Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1253Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3EIssue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2017/11/msg00005.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/01/msg00023.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://svn.apache.org/viewvc?view=revision&revision=1807976Issue Tracking, Third Party Advisory
Impacted products
Vendor Product Version
apache portable_runtime *
debian debian_linux 7.0
debian debian_linux 9.0
redhat jboss_core_services -
redhat jboss_core_services 1.0
redhat jboss_enterprise_web_server 3.0.0
redhat software_collections 1.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 6.7
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C450F13-ADED-49A6-A018-EF2EDD2ECF36",
              "versionEndExcluding": "1.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E2F2F98-DB90-43F6-8F28-3656207B6188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input."
    },
    {
      "lang": "es",
      "value": "Cuando las funciones apr_time_exp*() o apr_os_exp_time*() se invocan con un valor del campo no v\u00e1lido en Apache Portable Runtime APR 1.6.2 y anteriores, se podr\u00eda acceder a la memoria fuera de l\u00edmites convirtiendo este valor en un valor apr_time_exp_t, revelando potencialmente el contenido de otro valor de memoria din\u00e1mica est\u00e1tica. Tambi\u00e9n podr\u00eda desembocar en la terminaci\u00f3n del programa, representando una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n o de denegaci\u00f3n de servicio en aplicaciones que llaman a esas funciones APR con entradas externas no validadas."
    }
  ],
  "id": "CVE-2017-12613",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-24T01:29:02.000",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.apache.org/dist/apr/Announcement1.x.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101560"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042004"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3270"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3475"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3476"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3477"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0316"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0465"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0466"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1253"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.apache.org/dist/apr/Announcement1.x.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1042004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.