rhsa-2017_3195
Vulnerability from csaf_redhat
Published
2017-11-13 17:35
Modified
2024-11-05 20:15
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
An update for httpd is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)
* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)
* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)
* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)
Red Hat would like to thank Hanno Böck for reporting CVE-2017-9798.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for httpd is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:3195", "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3195.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-05T20:15:28+00:00", "generator": { "date": "2024-11-05T20:15:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2017:3195", "initial_release_date": "2017-11-13T17:35:58+00:00", "revision_history": [ { "date": "2017-11-13T17:35:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-11-13T17:35:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:15:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product": { "name": "Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:6.7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product": { "name": "Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:6.7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server EUS (v. 6.7)", "product": { "name": "Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:6.7::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.15-47.el6_7.5.x86_64", "product": { "name": "httpd-0:2.2.15-47.el6_7.5.x86_64", "product_id": "httpd-0:2.2.15-47.el6_7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "product": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "product": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "product_id": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-47.el6_7.5?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "product": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "product_id": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-47.el6_7.5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "product": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "product_id": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.15-47.el6_7.5.src", "product": { "name": "httpd-0:2.2.15-47.el6_7.5.src", "product_id": "httpd-0:2.2.15-47.el6_7.5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "product": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=i686" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-47.el6_7.5.i686", "product": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.i686", "product_id": "httpd-devel-0:2.2.15-47.el6_7.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=i686" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.15-47.el6_7.5.i686", "product": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.i686", "product_id": "mod_ssl-1:2.2.15-47.el6_7.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-47.el6_7.5?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-47.el6_7.5.i686", "product": { "name": "httpd-0:2.2.15-47.el6_7.5.i686", "product_id": "httpd-0:2.2.15-47.el6_7.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=i686" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.15-47.el6_7.5.i686", "product": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.i686", "product_id": "httpd-tools-0:2.2.15-47.el6_7.5.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-47.el6_7.5?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch", "product": { "name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch", "product_id": "httpd-manual-0:2.2.15-47.el6_7.5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.15-47.el6_7.5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x", "product": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x", "product_id": "mod_ssl-1:2.2.15-47.el6_7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-47.el6_7.5?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "product": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-47.el6_7.5.s390x", "product": { "name": "httpd-0:2.2.15-47.el6_7.5.s390x", "product_id": "httpd-0:2.2.15-47.el6_7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x", "product": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x", "product_id": "httpd-tools-0:2.2.15-47.el6_7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-47.el6_7.5?arch=s390x" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x", "product": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x", "product_id": "httpd-devel-0:2.2.15-47.el6_7.5.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "product": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=s390" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390", "product": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390", "product_id": "httpd-devel-0:2.2.15-47.el6_7.5.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=s390" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "product": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "product_id": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.15-47.el6_7.5?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "product": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-0:2.2.15-47.el6_7.5.ppc64", "product": { "name": "httpd-0:2.2.15-47.el6_7.5.ppc64", "product_id": "httpd-0:2.2.15-47.el6_7.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.15-47.el6_7.5?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "product": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "product_id": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-tools@2.2.15-47.el6_7.5?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "product": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "product_id": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "product": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "product_id": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.15-47.el6_7.5?arch=ppc" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc", "product": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc", "product_id": "httpd-devel-0:2.2.15-47.el6_7.5.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.15-47.el6_7.5?arch=ppc" } } } ], "category": "architecture", "name": "ppc" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.src as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.src", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch" }, "product_reference": "httpd-manual-0:2.2.15-47.el6_7.5.noarch", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node EUS (v. 6.7)", "product_id": "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.src as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.src", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch" }, "product_reference": "httpd-manual-0:2.2.15-47.el6_7.5.noarch", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7)", "product_id": "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6ComputeNode-optional-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.src as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.src", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.15-47.el6_7.5.noarch as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch" }, "product_reference": "httpd-manual-0:2.2.15-47.el6_7.5.noarch", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.i686 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.i686", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.s390x as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.s390x", "relates_to_product_reference": "6Server-6.7.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64 as a component of Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" }, "product_reference": "mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "relates_to_product_reference": "6Server-6.7.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-3167", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463194" } ], "notes": [ { "category": "description", "text": "It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: ap_get_basic_auth_pw() authentication bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3167" }, { "category": "external", "summary": "RHBZ#1463194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3167", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3167" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3195" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: ap_get_basic_auth_pw() authentication bypass" }, { "cve": "CVE-2017-3169", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463197" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_ssl NULL pointer dereference", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3169" }, { "category": "external", "summary": "RHBZ#1463197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3169", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3169" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3195" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_ssl NULL pointer dereference" }, { "cve": "CVE-2017-7679", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1463207" } ], "notes": [ { "category": "description", "text": "A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user permitted to modify httpd\u0027s MIME configuration could use this flaw to cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_mime buffer overread", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7679" }, { "category": "external", "summary": "RHBZ#1463207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7679", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7679" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7679" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html", "url": "https://httpd.apache.org/security/vulnerabilities_22.html" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2017-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3195" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_mime buffer overread" }, { "cve": "CVE-2017-9788", "cwe": { "id": "CWE-456", "name": "Missing Initialization of a Variable" }, "discovery_date": "2017-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1470748" } ], "notes": [ { "category": "description", "text": "It was discovered that the httpd\u0027s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Uninitialized memory reflection in mod_auth_digest", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9788" }, { "category": "external", "summary": "RHBZ#1470748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9788", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9788" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34", "url": "https://httpd.apache.org/security/vulnerabilities_22.html#2.2.34" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27" } ], "release_date": "2017-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "category": "workaround", "details": "If you do not use digest authentication, do not load the \"auth_digest_module\".\n\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\n\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Uninitialized memory reflection in mod_auth_digest" }, { "acknowledgments": [ { "names": [ "Hanno B\u00f6ck" ] } ], "cve": "CVE-2017-9798", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2017-09-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1490344" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\n\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-9798" }, { "category": "external", "summary": "RHBZ#1490344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-9798", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798" }, { "category": "external", "summary": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html", "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" } ], "release_date": "2017-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-13T17:35:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "category": "workaround", "details": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18", "product_ids": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6ComputeNode-optional-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6ComputeNode-optional-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.src", "6Server-6.7.EUS:httpd-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-debuginfo-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-devel-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:httpd-manual-0:2.2.15-47.el6_7.5.noarch", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:httpd-tools-0:2.2.15-47.el6_7.5.x86_64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.i686", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.ppc64", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.s390x", "6Server-6.7.EUS:mod_ssl-1:2.2.15-47.el6_7.5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.