rhsa-2018_2185
Vulnerability from csaf_redhat
Published
2018-07-12 16:14
Modified
2024-11-22 11:16
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this release as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
This release upgrades OpenSSL to version 1.0.2.n
Security Fix(es):
* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)
* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)
* openssl: certificate message OOB reads (CVE-2016-6306)
* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)
* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)
* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* openssl: Read/write after SSL object in error state (CVE-2017-3737)
* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306
and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this release as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nThis release upgrades OpenSSL to version 1.0.2.n\n\nSecurity Fix(es):\n\n* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)\n\n* openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)\n\n* openssl: certificate message OOB reads (CVE-2016-6306)\n\n* openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)\n\n* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)\n\n* openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n\n* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)\n\n* openssl: Read/write after SSL object in error state (CVE-2017-3737)\n\n* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6306 \nand CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6306.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2018:2185", url: "https://access.redhat.com/errata/RHSA-2018:2185", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/", }, { category: "external", summary: "1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "JBCS-373", url: "https://issues.redhat.com/browse/JBCS-373", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2185.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update", tracking: { current_release_date: "2024-11-22T11:16:03+00:00", generator: { date: "2024-11-22T11:16:03+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2018:2185", initial_release_date: "2018-07-12T16:14:46+00:00", revision_history: [ { date: "2018-07-12T16:14:46+00:00", number: "1", summary: "Initial version", }, { date: "2018-07-12T16:14:46+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T11:16:03+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Core Services on RHEL 7 Server", product: { name: "Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1::el7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt-debuginfo@2.4.1-19.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx-debuginfo@0.9.6-17.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb-debuginfo@5.4-36.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-1.Final_redhat_2.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.43-1.redhat_1.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-14.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-14.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-9.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", product_id: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-11.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", product_id: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-8.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", product_id: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-8.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.1-23.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-17.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-17.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", product_id: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-17.jbcs.el7?arch=x86_64", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el7?arch=x86_64&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-1.redhat_2.jbcs.el7?arch=x86_64&epoch=1", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", product_id: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_rt@2.4.1-19.GA.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", product_id: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_bmx@0.9.6-17.GA.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", product_id: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_auth_kerb@5.4-36.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", product_id: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-1.Final_redhat_2.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", product_id: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.43-1.redhat_1.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", product: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", product_id: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-14.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", product: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", product_id: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-9.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", product: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", product_id: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-11.jbcs.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", product: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", product_id: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-8.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", product: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", product_id: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.1-23.GA.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", product: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", product_id: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-17.jbcs.el7?arch=src", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", product: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", product_id: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-1.redhat_2.jbcs.el7?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el7?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", product: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", product_id: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-17.jbcs.el7?arch=noarch", }, }, }, { category: "product_version", name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", product: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", product_id: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.1.0-1.redhat_2.1.jbcs.el7?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", }, product_reference: "jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, { category: "default_component_of", full_product_name: { name: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", product_id: "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", }, product_reference: "jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", relates_to_product_reference: "7Server-JBCS", }, ], }, vulnerabilities: [ { cve: "CVE-2016-2182", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2016-08-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1367340", }, ], notes: [ { category: "description", text: "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-2182", }, { category: "external", summary: "RHBZ#1367340", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1367340", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-2182", url: "https://www.cve.org/CVERecord?id=CVE-2016-2182", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-2182", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()", }, { cve: "CVE-2016-4975", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2016-09-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1375968", }, ], notes: [ { category: "description", text: "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.", title: "Vulnerability description", }, { category: "summary", text: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-4975", }, { category: "external", summary: "RHBZ#1375968", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-4975", url: "https://www.cve.org/CVERecord?id=CVE-2016-4975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975", }, ], release_date: "2018-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir", }, { cve: "CVE-2016-6302", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-08-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1369855", }, ], notes: [ { category: "description", text: "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Insufficient TLS session ticket HMAC length checks", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6302", }, { category: "external", summary: "RHBZ#1369855", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1369855", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6302", url: "https://www.cve.org/CVERecord?id=CVE-2016-6302", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6302", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-08-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Insufficient TLS session ticket HMAC length checks", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, { names: [ "Shi Lei", ], organization: "Gear Team of Qihoo 360 Inc.", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2016-6306", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2016-09-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1377594", }, ], notes: [ { category: "description", text: "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL.", title: "Vulnerability description", }, { category: "summary", text: "openssl: certificate message OOB reads", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-6306", }, { category: "external", summary: "RHBZ#1377594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1377594", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-6306", url: "https://www.cve.org/CVERecord?id=CVE-2016-6306", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6306", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20160922.txt", url: "https://www.openssl.org/news/secadv/20160922.txt", }, ], release_date: "2016-09-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 1.2, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: certificate message OOB reads", }, { acknowledgments: [ { names: [ "the OpenSSL project", ], }, ], cve: "CVE-2016-7055", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2016-10-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1393929", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Carry propagating bug in Montgomery multiplication", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-7055", }, { category: "external", summary: "RHBZ#1393929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1393929", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-7055", url: "https://www.cve.org/CVERecord?id=CVE-2016-7055", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-7055", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20161110.txt", url: "https://www.openssl.org/news/secadv/20161110.txt", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2016-10-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: Carry propagating bug in Montgomery multiplication", }, { cve: "CVE-2017-3731", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416852", }, ], notes: [ { category: "description", text: "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Truncated packet could crash via OOB read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3731", }, { category: "external", summary: "RHBZ#1416852", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416852", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3731", url: "https://www.cve.org/CVERecord?id=CVE-2017-3731", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3731", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Truncated packet could crash via OOB read", }, { cve: "CVE-2017-3732", discovery_date: "2017-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1416856", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.", title: "Vulnerability description", }, { category: "summary", text: "openssl: BN_mod_exp may produce incorrect results on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3732", }, { category: "external", summary: "RHBZ#1416856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1416856", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3732", url: "https://www.cve.org/CVERecord?id=CVE-2017-3732", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3732", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20170126.txt", url: "https://www.openssl.org/news/secadv/20170126.txt", }, ], release_date: "2017-01-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: BN_mod_exp may produce incorrect results on x86_64", }, { cve: "CVE-2017-3736", cwe: { id: "CWE-682", name: "Incorrect Calculation", }, discovery_date: "2017-11-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1509169", }, ], notes: [ { category: "description", text: "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.", title: "Vulnerability description", }, { category: "summary", text: "openssl: bn_sqrx8x_internal carry bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3736", }, { category: "external", summary: "RHBZ#1509169", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1509169", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3736", url: "https://www.cve.org/CVERecord?id=CVE-2017-3736", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3736", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171102.txt", url: "https://www.openssl.org/news/secadv/20171102.txt", }, ], release_date: "2017-11-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: bn_sqrx8x_internal carry bug on x86_64", }, { cve: "CVE-2017-3737", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523504", }, ], notes: [ { category: "description", text: "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Read/write after SSL object in error state", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3737", }, { category: "external", summary: "RHBZ#1523504", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523504", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3737", url: "https://www.cve.org/CVERecord?id=CVE-2017-3737", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3737", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "openssl: Read/write after SSL object in error state", }, { cve: "CVE-2017-3738", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2017-12-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1523510", }, ], notes: [ { category: "description", text: "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.", title: "Vulnerability description", }, { category: "summary", text: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-3738", }, { category: "external", summary: "RHBZ#1523510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1523510", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-3738", url: "https://www.cve.org/CVERecord?id=CVE-2017-3738", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-3738", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20171207.txt", url: "https://www.openssl.org/news/secadv/20171207.txt", }, ], release_date: "2017-12-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2018-07-12T16:14:46+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2018:2185", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-0:1.1.0-1.redhat_2.1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-1.redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-9.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-17.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_auth_kerb-debuginfo-0:5.4-36.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_bmx-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_bmx-debuginfo-0:0.9.6-17.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-1.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.43-1.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.43-1.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_rt-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_rt-debuginfo-0:2.4.1-19.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.1-23.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-17.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-8.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-11.jbcs.el7.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: rsaz_1024_mul_avx2 overflow bug on x86_64", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.