rhsa-2016_0061
Vulnerability from csaf_redhat
Published
2016-01-21 15:54
Modified
2024-11-05 19:11
Summary
Red Hat Security Advisory: httpd and httpd22 security update
Notes
Topic
Updated httpd and httpd22 packages that fix two security issues are now
available for Red Hat JBoss Web Server 2.1.0 for Red Hat Enterprise Linux
5, 6, and 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which
give detailed severity ratings, are available from the CVE links in the
References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It comprises the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat
Native library.
Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could use
these flaws to create a specially crafted request, which httpd would decode
differently from HTTP proxy software in front of it, possibly leading to
HTTP request smuggling attacks. (CVE-2015-3183)
A flaw was found in the way httpd handled HTTP Trailer headers when
processing requests using chunked encoding. A malicious client could use
Trailer headers to set additional HTTP headers after header processing was
performed by other modules. This could, for example, lead to a bypass of
header restrictions defined with mod_headers. (CVE-2013-5704)
Users of httpd or httpd22 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the updated packages, the httpd or httpd22 service must be restarted
manually for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated httpd and httpd22 packages that fix two security issues are now\navailable for Red Hat JBoss Web Server 2.1.0 for Red Hat Enterprise Linux\n5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available from the CVE links in the\nReferences section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nA flaw was found in the way httpd handled HTTP Trailer headers when\nprocessing requests using chunked encoding. A malicious client could use\nTrailer headers to set additional HTTP headers after header processing was\nperformed by other modules. This could, for example, lead to a bypass of\nheader restrictions defined with mod_headers. 
(CVE-2013-5704)\n\nUsers of httpd or httpd22 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthe updated packages, the httpd or httpd22 service must be restarted\nmanually for this update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2016:0061", "url": "https://access.redhat.com/errata/RHSA-2016:0061" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1082903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082903" }, { "category": "external", "summary": "1243887", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243887" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0061.json" } ], "title": "Red Hat Security Advisory: httpd and httpd22 security update", "tracking": { "current_release_date": "2024-11-05T19:11:34+00:00", "generator": { "date": "2024-11-05T19:11:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2016:0061", 
"initial_release_date": "2016-01-21T15:54:46+00:00", "revision_history": [ { "date": "2016-01-21T15:54:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2016-01-21T15:54:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T19:11:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el5" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" }, { "branches": [ { "category": "product_version", "name": "httpd22-debuginfo-0:2.2.26-42.ep6.el7.x86_64", "product": { "name": "httpd22-debuginfo-0:2.2.26-42.ep6.el7.x86_64", "product_id": "httpd22-debuginfo-0:2.2.26-42.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.26-42.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-manual-0:2.2.26-42.ep6.el7.x86_64", "product": { "name": "httpd22-manual-0:2.2.26-42.ep6.el7.x86_64", "product_id": 
"httpd22-manual-0:2.2.26-42.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-manual@2.2.26-42.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-devel-0:2.2.26-42.ep6.el7.x86_64", "product": { "name": "httpd22-devel-0:2.2.26-42.ep6.el7.x86_64", "product_id": "httpd22-devel-0:2.2.26-42.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-devel@2.2.26-42.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl22-1:2.2.26-42.ep6.el7.x86_64", "product": { "name": "mod_ssl22-1:2.2.26-42.ep6.el7.x86_64", "product_id": "mod_ssl22-1:2.2.26-42.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl22@2.2.26-42.ep6.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd22-0:2.2.26-42.ep6.el7.x86_64", "product": { "name": "httpd22-0:2.2.26-42.ep6.el7.x86_64", "product_id": "httpd22-0:2.2.26-42.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22@2.2.26-42.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-tools-0:2.2.26-42.ep6.el7.x86_64", "product": { "name": "httpd22-tools-0:2.2.26-42.ep6.el7.x86_64", "product_id": "httpd22-tools-0:2.2.26-42.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-tools@2.2.26-42.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "product": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "product_id": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.9-6.Final_redhat_2.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "product": { "name": 
"mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "product_id": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.9-6.Final_redhat_2.ep6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.26-41.ep6.el6.x86_64", "product": { "name": "httpd-manual-0:2.2.26-41.ep6.el6.x86_64", "product_id": "httpd-manual-0:2.2.26-41.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.26-41.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.26-41.ep6.el6.x86_64", "product": { "name": "httpd-debuginfo-0:2.2.26-41.ep6.el6.x86_64", "product_id": "httpd-debuginfo-0:2.2.26-41.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-41.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.26-41.ep6.el6.x86_64", "product": { "name": "httpd-tools-0:2.2.26-41.ep6.el6.x86_64", "product_id": "httpd-tools-0:2.2.26-41.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.26-41.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.26-41.ep6.el6.x86_64", "product": { "name": "httpd-devel-0:2.2.26-41.ep6.el6.x86_64", "product_id": "httpd-devel-0:2.2.26-41.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.26-41.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.26-41.ep6.el6.x86_64", "product": { "name": "mod_ssl-1:2.2.26-41.ep6.el6.x86_64", "product_id": "mod_ssl-1:2.2.26-41.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.26-41.ep6.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.26-41.ep6.el6.x86_64", "product": { "name": 
"httpd-0:2.2.26-41.ep6.el6.x86_64", "product_id": "httpd-0:2.2.26-41.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-41.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "product": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "product_id": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.9-6.Final_redhat_2.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "product": { "name": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "product_id": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.9-6.Final_redhat_2.ep6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.2.26-41.ep6.el5.x86_64", "product": { "name": "httpd-0:2.2.26-41.ep6.el5.x86_64", "product_id": "httpd-0:2.2.26-41.ep6.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-41.ep6.el5?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.26-41.ep6.el5.x86_64", "product": { "name": "mod_ssl-1:2.2.26-41.ep6.el5.x86_64", "product_id": "mod_ssl-1:2.2.26-41.ep6.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.26-41.ep6.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.26-41.ep6.el5.x86_64", "product": { "name": "httpd-tools-0:2.2.26-41.ep6.el5.x86_64", "product_id": "httpd-tools-0:2.2.26-41.ep6.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.26-41.ep6.el5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.26-41.ep6.el5.x86_64", 
"product": { "name": "httpd-devel-0:2.2.26-41.ep6.el5.x86_64", "product_id": "httpd-devel-0:2.2.26-41.ep6.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.26-41.ep6.el5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.26-41.ep6.el5.x86_64", "product": { "name": "httpd-manual-0:2.2.26-41.ep6.el5.x86_64", "product_id": "httpd-manual-0:2.2.26-41.ep6.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.26-41.ep6.el5?arch=x86_64" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.x86_64", "product": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.x86_64", "product_id": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.9-6.Final_redhat_2.ep6.el5?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd22-0:2.2.26-42.ep6.el7.src", "product": { "name": "httpd22-0:2.2.26-42.ep6.el7.src", "product_id": "httpd22-0:2.2.26-42.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22@2.2.26-42.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.src", "product": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.src", "product_id": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.9-6.Final_redhat_2.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "httpd-0:2.2.26-41.ep6.el6.src", "product": { "name": "httpd-0:2.2.26-41.ep6.el6.src", "product_id": "httpd-0:2.2.26-41.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-41.ep6.el6?arch=src" } } }, { "category": "product_version", "name": 
"mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.src", "product": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.src", "product_id": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.9-6.Final_redhat_2.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "httpd-0:2.2.26-41.ep6.el5.src", "product": { "name": "httpd-0:2.2.26-41.ep6.el5.src", "product_id": "httpd-0:2.2.26-41.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-41.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.src", "product": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.src", "product_id": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.9-6.Final_redhat_2.ep6.el5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.2.26-41.ep6.el6.i386", "product": { "name": "httpd-debuginfo-0:2.2.26-41.ep6.el6.i386", "product_id": "httpd-debuginfo-0:2.2.26-41.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.26-41.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.26-41.ep6.el6.i386", "product": { "name": "httpd-devel-0:2.2.26-41.ep6.el6.i386", "product_id": "httpd-devel-0:2.2.26-41.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.26-41.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.26-41.ep6.el6.i386", "product": { "name": "httpd-tools-0:2.2.26-41.ep6.el6.i386", "product_id": "httpd-tools-0:2.2.26-41.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.26-41.ep6.el6?arch=i386" } } }, { "category": 
"product_version", "name": "httpd-manual-0:2.2.26-41.ep6.el6.i386", "product": { "name": "httpd-manual-0:2.2.26-41.ep6.el6.i386", "product_id": "httpd-manual-0:2.2.26-41.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.26-41.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.26-41.ep6.el6.i386", "product": { "name": "mod_ssl-1:2.2.26-41.ep6.el6.i386", "product_id": "mod_ssl-1:2.2.26-41.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.26-41.ep6.el6?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.26-41.ep6.el6.i386", "product": { "name": "httpd-0:2.2.26-41.ep6.el6.i386", "product_id": "httpd-0:2.2.26-41.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-41.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "product": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "product_id": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.9-6.Final_redhat_2.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "product": { "name": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "product_id": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native-debuginfo@1.2.9-6.Final_redhat_2.ep6.el6?arch=i386" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.26-41.ep6.el5.i386", "product": { "name": "httpd-manual-0:2.2.26-41.ep6.el5.i386", "product_id": "httpd-manual-0:2.2.26-41.ep6.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.26-41.ep6.el5?arch=i386" } } }, { "category": 
"product_version", "name": "httpd-devel-0:2.2.26-41.ep6.el5.i386", "product": { "name": "httpd-devel-0:2.2.26-41.ep6.el5.i386", "product_id": "httpd-devel-0:2.2.26-41.ep6.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.26-41.ep6.el5?arch=i386" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.26-41.ep6.el5.i386", "product": { "name": "httpd-tools-0:2.2.26-41.ep6.el5.i386", "product_id": "httpd-tools-0:2.2.26-41.ep6.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.26-41.ep6.el5?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.26-41.ep6.el5.i386", "product": { "name": "mod_ssl-1:2.2.26-41.ep6.el5.i386", "product_id": "mod_ssl-1:2.2.26-41.ep6.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.26-41.ep6.el5?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.26-41.ep6.el5.i386", "product": { "name": "httpd-0:2.2.26-41.ep6.el5.i386", "product_id": "httpd-0:2.2.26-41.ep6.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.26-41.ep6.el5?arch=i386" } } }, { "category": "product_version", "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.i386", "product": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.i386", "product_id": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-native@1.2.9-6.Final_redhat_2.ep6.el5?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-41.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.i386" }, "product_reference": "httpd-0:2.2.26-41.ep6.el5.i386", "relates_to_product_reference": 
"5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-41.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.src" }, "product_reference": "httpd-0:2.2.26-41.ep6.el5.src", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-41.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.x86_64" }, "product_reference": "httpd-0:2.2.26-41.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.26-41.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.i386" }, "product_reference": "httpd-devel-0:2.2.26-41.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.26-41.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.x86_64" }, "product_reference": "httpd-devel-0:2.2.26-41.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.26-41.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.i386" }, "product_reference": "httpd-manual-0:2.2.26-41.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.26-41.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web 
Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.x86_64" }, "product_reference": "httpd-manual-0:2.2.26-41.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.26-41.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.i386" }, "product_reference": "httpd-tools-0:2.2.26-41.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.26-41.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.x86_64" }, "product_reference": "httpd-tools-0:2.2.26-41.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.i386" }, "product_reference": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.src" }, "product_reference": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.src", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web 
Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.x86_64" }, "product_reference": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.26-41.ep6.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.i386" }, "product_reference": "mod_ssl-1:2.2.26-41.ep6.el5.i386", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.26-41.ep6.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server", "product_id": "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.x86_64" }, "product_reference": "mod_ssl-1:2.2.26-41.ep6.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-41.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.i386" }, "product_reference": "httpd-0:2.2.26-41.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-41.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.src" }, "product_reference": "httpd-0:2.2.26-41.ep6.el6.src", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.26-41.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.x86_64" }, "product_reference": "httpd-0:2.2.26-41.ep6.el6.x86_64", 
"relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.26-41.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.i386" }, "product_reference": "httpd-debuginfo-0:2.2.26-41.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.26-41.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.26-41.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.26-41.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.i386" }, "product_reference": "httpd-devel-0:2.2.26-41.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.26-41.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.x86_64" }, "product_reference": "httpd-devel-0:2.2.26-41.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.26-41.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.i386" }, "product_reference": "httpd-manual-0:2.2.26-41.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { 
"name": "httpd-manual-0:2.2.26-41.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.x86_64" }, "product_reference": "httpd-manual-0:2.2.26-41.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.26-41.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.i386" }, "product_reference": "httpd-tools-0:2.2.26-41.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.26-41.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.x86_64" }, "product_reference": "httpd-tools-0:2.2.26-41.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.i386" }, "product_reference": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.src" }, "product_reference": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.src", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": 
"mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64" }, "product_reference": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.i386" }, "product_reference": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64" }, "product_reference": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.26-41.ep6.el6.i386 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.i386" }, "product_reference": "mod_ssl-1:2.2.26-41.ep6.el6.i386", "relates_to_product_reference": "6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.26-41.ep6.el6.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server", "product_id": "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.x86_64" }, "product_reference": "mod_ssl-1:2.2.26-41.ep6.el6.x86_64", "relates_to_product_reference": 
"6Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.26-42.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.src" }, "product_reference": "httpd22-0:2.2.26-42.ep6.el7.src", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.26-42.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.x86_64" }, "product_reference": "httpd22-0:2.2.26-42.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-debuginfo-0:2.2.26-42.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-42.ep6.el7.x86_64" }, "product_reference": "httpd22-debuginfo-0:2.2.26-42.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-devel-0:2.2.26-42.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:httpd22-devel-0:2.2.26-42.ep6.el7.x86_64" }, "product_reference": "httpd22-devel-0:2.2.26-42.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-manual-0:2.2.26-42.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:httpd22-manual-0:2.2.26-42.ep6.el7.x86_64" }, "product_reference": "httpd22-manual-0:2.2.26-42.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": 
"httpd22-tools-0:2.2.26-42.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:httpd22-tools-0:2.2.26-42.ep6.el7.x86_64" }, "product_reference": "httpd22-tools-0:2.2.26-42.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.src" }, "product_reference": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.src", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64" }, "product_reference": "mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64" }, "product_reference": "mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "relates_to_product_reference": "7Server-JBEWS-2" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl22-1:2.2.26-42.ep6.el7.x86_64 as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server", "product_id": "7Server-JBEWS-2:mod_ssl22-1:2.2.26-42.ep6.el7.x86_64" }, "product_reference": "mod_ssl22-1:2.2.26-42.ep6.el7.x86_64", "relates_to_product_reference": 
"7Server-JBEWS-2" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-5704", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2014-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1082903" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: bypass of mod_headers rules via chunked requests", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of the httpd package as shipped with Red Hat JBoss Enterprise Application Platform 6; and Red Hat JBoss Web Server 2. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Certificate System does not use the mod_headers module, even when installed, and is thus not affected by this flaw.\n\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\n\nRed Hat JBoss Enterprise Application Platform 5 and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates. 
For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.x86_64", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.x86_64", 
"6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.x86_64", "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-42.ep6.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-5704" }, { "category": "external", "summary": "RHBZ#1082903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082903" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-5704", "url": "https://www.cve.org/CVERecord?id=CVE-2013-5704" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-5704", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5704" } ], "release_date": "2013-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-01-21T15:54:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, 
refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.x86_64", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.i386", 
"6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.x86_64", "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-42.ep6.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:0061" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.x86_64", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.i386", 
"6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.x86_64", "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-42.ep6.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: bypass of mod_headers rules via chunked requests" }, { "cve": "CVE-2015-3183", "cwe": { "id": "CWE-172", "name": "Encoding Error" }, "discovery_date": "2015-07-16T00:00:00+00:00", "ids": [ { 
"system_name": "Red Hat Bugzilla ID", "text": "1243887" } ], "notes": [ { "category": "description", "text": "Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: HTTP request smuggling attack against chunked request parser", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.x86_64", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.i386", 
"6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.x86_64", "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-42.ep6.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2015-3183" }, { "category": "external", "summary": "RHBZ#1243887", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243887" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3183", "url": "https://www.cve.org/CVERecord?id=CVE-2015-3183" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2015-3183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3183" } ], "release_date": "2015-07-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-01-21T15:54:46+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.x86_64", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.x86_64", 
"6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.x86_64", "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.src", "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-42.ep6.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:0061" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.i386", 
"5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.src", "5Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el5.x86_64", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.i386", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.src", "5Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el5.x86_64", "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.i386", "5Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el5.x86_64", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.src", "6Server-JBEWS-2:httpd-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-debuginfo-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-devel-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-manual-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:httpd-tools-0:2.2.26-41.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.src", "6Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.i386", "6Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el6.x86_64", "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.i386", "6Server-JBEWS-2:mod_ssl-1:2.2.26-41.ep6.el6.x86_64", "7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.src", 
"7Server-JBEWS-2:httpd22-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-debuginfo-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-devel-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-manual-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:httpd22-tools-0:2.2.26-42.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.src", "7Server-JBEWS-2:mod_cluster-native-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_cluster-native-debuginfo-0:1.2.9-6.Final_redhat_2.ep6.el7.x86_64", "7Server-JBEWS-2:mod_ssl22-1:2.2.26-42.ep6.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: HTTP request smuggling attack against chunked request parser" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.