ID CVE-2016-8740
Summary The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 2.4.17
    cpe:2.3:a:apache:http_server:2.4.17
  • Apache Software Foundation Apache HTTP Server 2.4.18
    cpe:2.3:a:apache:http_server:2.4.18
  • Apache Software Foundation HTTP Server 2.4.19
    cpe:2.3:a:apache:http_server:2.4.19
  • Apache Software Foundation HTTP Server 2.4.20
    cpe:2.3:a:apache:http_server:2.4.20
  • Apache Software Foundation Apache HTTP Server 2.4.21
    cpe:2.3:a:apache:http_server:2.4.21
  • Apache Software Foundation Apache HTTP Server 2.4.22
    cpe:2.3:a:apache:http_server:2.4.22
  • Apache Software Foundation HTTP Server 2.4.23
    cpe:2.3:a:apache:http_server:2.4.23
CVSS
Base: 5.0 (as of 22-12-2016 - 11:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
file exploits/linux/dos/40909.py
id EDB-ID:40909
last seen 2018-11-30
modified 2016-12-12
platform linux
port
published 2016-12-12
reporter Exploit-DB
source https://www.exploit-db.com/download/40909
title Apache 2.4.23 mod_http2 - Denial of Service
type dos
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-B39FEDEC11.NASL
    description Security fix for CVE-2016-8740 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-06-29
    plugin id 95683
    published 2016-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95683
    title Fedora 24 : httpd (2016-b39fedec11)
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_10_13.NASL
    description The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - AppSandbox - AppleScript - Application Firewall - ATS - Audio - CFNetwork - CFNetwork Proxies - CFString - Captive Network Assistant - CoreAudio - CoreText - DesktopServices - Directory Utility - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - IOFireWireFamily - ImageIO - Installer - Kernel - kext tools - libarchive - libc - libexpat - Mail - Mail Drafts - ntp - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - SQLite - Sandbox - Screen Lock - Security - Spotlight - WebKit - zlib Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 103598
    published 2017-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103598
    title macOS < 10.13 Multiple Vulnerabilities
  • NASL family Misc.
    NASL id SECURITYCENTER_5_4_3_TNS_2017_04.NASL
    description According to its version, the installation of Tenable SecurityCenter on the remote host is affected by multiple vulnerabilities : - A flaw exists in the mod_session_crypto module due to encryption for data and cookies using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default). An unauthenticated, remote attacker can exploit this, via a padding oracle attack, to decrypt information without knowledge of the encryption key, resulting in the disclosure of potentially sensitive information. (CVE-2016-0736) - A denial of service vulnerability exists in the mod_auth_digest module during client entry allocation. An unauthenticated, remote attacker can exploit this, via specially crafted input, to exhaust shared memory resources, resulting in a server crash. (CVE-2016-2161) - The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure to properly resolve namespace conflicts in accordance with RFC 3875 section 4.1.18. The HTTP_PROXY environment variable is set based on untrusted user data in the 'Proxy' header of HTTP requests. The HTTP_PROXY environment variable is used by some web client libraries to specify a remote proxy server. An unauthenticated, remote attacker can exploit this, via a crafted 'Proxy' header in an HTTP request, to redirect an application's internal HTTP traffic to an arbitrary proxy server where it may be observed or manipulated. (CVE-2016-5387, CVE-2016-1000102, CVE-2016-1000104) - A carry propagation error exists in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but longer than 256 bits. This can result in transient authentication and key negotiation failures or reproducible erroneous outcomes of public-key operations with specially crafted input. A man-in-the-middle attacker can possibly exploit this issue to compromise ECDH key negotiations that utilize Brainpool P-512 curves. (CVE-2016-7055) - A denial of service vulnerability exists in the mod_http2 module due to improper handling of the LimitRequestFields directive. An unauthenticated, remote attacker can exploit this, via specially crafted CONTINUATION frames in an HTTP/2 request, to inject unlimited request headers into the server, resulting in the exhaustion of memory resources. (CVE-2016-8740) - A flaw exists due to improper handling of whitespace patterns in user-agent headers. An unauthenticated, remote attacker can exploit this, via a specially crafted user-agent header, to cause the program to incorrectly process sequences of requests, resulting in interpreting responses incorrectly, polluting the cache, or disclosing the content from one request to a second downstream user-agent. (CVE-2016-8743) - A flaw exits in libcurl in the randit() function within file lib/rand.c due to improper initialization of the 32-bit random value, which is used, for example, to generate Digest and NTLM authentication nonces, resulting in weaker cryptographic operations than expected. (CVE-2016-9594) - A floating pointer exception flaw exists in the exif_convert_any_to_int() function in exif.c that is triggered when handling TIFF and JPEG image tags. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10158) - An integer overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper validation when handling phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10159) - An off-by-one overflow condition exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. (CVE-2016-10160) - An out-of-bounds read error exists in the finish_nested_data() function in var_unserializer.c due to improper validation of unserialized data. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition or the disclosure of memory contents. (CVE-2016-10161) - A denial of service vulnerability exists in the gdImageCreateFromGd2Ctx() function within file gd_gd2.c in the GD Graphics Library (LibGD) when handling images claiming to contain more image data than they actually do. An unauthenticated, remote attacker can exploit this to crash a process linked against the library. (CVE-2016-10167) - An out-of-bounds read error exists when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. (CVE-2017-3731) - A carry propagating error exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys. Note that this issue is very similar to CVE-2015-3193. Moreover, the attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example, this can occur by default in OpenSSL DHE based SSL/TLS cipher suites. (CVE-2017-3732) - An out-of-bounds read error exists in the phar_parse_pharfile() function in phar.c due to improper parsing of phar archives. An unauthenticated, remote attacker can exploit this to cause a crash, resulting in a denial of service condition. - Multiple stored cross-site scripting (XSS) vulnerabilities exist in unspecified scripts due to a failure to validate input before returning it to users. An authenticated, remote authenticated attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 97726
    published 2017-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97726
    title Tenable SecurityCenter 5.x < 5.4.3 Multiple Vulnerabilities (TNS-2017-04) (httpoxy)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-358-01.NASL
    description New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2018-09-02
    modified 2017-09-21
    plugin id 96090
    published 2016-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96090
    title Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2016-358-01) (httpoxy)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CB0BF1ECBB9211E6A9A5B499BAEBFEAF.NASL
    description mod_http2 reports : The Apache HTTPD web server (from 2.4.17-2.4.23) did not apply limitations on request headers correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a the server allocates too much memory instead of denying the request. This can lead to memory exhaustion of the server by a properly crafted request.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 95586
    published 2016-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95586
    title FreeBSD : Apache httpd -- denial of service in HTTP/2 (cb0bf1ec-bb92-11e6-a9a5-b499baebfeaf)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-36.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-36 (Apache: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers, upstream Apache Software Foundation documentation, and HTTPoxy website referenced below for details. Impact : A remote attacker could cause a Denial of Service condition via multiple vectors or response splitting and cache pollution. Additionally, an attacker could intercept unsecured (HTTP) transmissions via the HTTPoxy vulnerability. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-06-29
    plugin id 96516
    published 2017-01-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96516
    title GLSA-201701-36 : Apache: Multiple vulnerabilities (httpoxy)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-260D22944D.NASL
    description Security fix for CVE-2016-8740 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-06-29
    plugin id 95655
    published 2016-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95655
    title Fedora 25 : httpd (2016-260d22944d)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0203-1.NASL
    description This update for apache2 fixes the following issues : - CVE-2016-8740 Server memory can be exhausted and service denied when HTTP/2 is used [bsc#1013648] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96653
    published 2017-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96653
    title SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:0203-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1413.NASL
    description An update is now available for Red Hat JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736) * It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161) * A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-7056) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610) * It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743) * A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 117315
    published 2018-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117315
    title RHEL 7 : JBoss Core Services (RHSA-2017:1413)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-154.NASL
    description This update for apache2 fixes the following issues : - CVE-2016-8740 Server memory can be exhausted and service denied when HTTP/2 is used [bsc#1013648] This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2017-06-29
    plugin id 96863
    published 2017-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96863
    title openSUSE Security Update : apache2 (openSUSE-2017-154)
  • NASL family Misc.
    NASL id SECURITYCENTER_APACHE_2_4_25.NASL
    description The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache : - A flaw exists in the mod_session_crypto module due to encryption for data and cookies using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default). An unauthenticated, remote attacker can exploit this, via a padding oracle attack, to decrypt information without knowledge of the encryption key, resulting in the disclosure of potentially sensitive information. (CVE-2016-0736) - A denial of service vulnerability exists in the mod_auth_digest module during client entry allocation. An unauthenticated, remote attacker can exploit this, via specially crafted input, to exhaust shared memory resources, resulting in a server crash. (CVE-2016-2161) - The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure to properly resolve namespace conflicts in accordance with RFC 3875 section 4.1.18. The HTTP_PROXY environment variable is set based on untrusted user data in the 'Proxy' header of HTTP requests. The HTTP_PROXY environment variable is used by some web client libraries to specify a remote proxy server. An unauthenticated, remote attacker can exploit this, via a crafted 'Proxy' header in an HTTP request, to redirect an application's internal HTTP traffic to an arbitrary proxy server where it may be observed or manipulated. (CVE-2016-5387) - A denial of service vulnerability exists in the mod_http2 module due to improper handling of the LimitRequestFields directive. An unauthenticated, remote attacker can exploit this, via specially crafted CONTINUATION frames in an HTTP/2 request, to inject unlimited request headers into the server, resulting in the exhaustion of memory resources. (CVE-2016-8740) - A flaw exists due to improper handling of whitespace patterns in user-agent headers. An unauthenticated, remote attacker can exploit this, via a specially crafted user-agent header, to cause the program to incorrectly process sequences of requests, resulting in interpreting responses incorrectly, polluting the cache, or disclosing the content from one request to a second downstream user-agent. (CVE-2016-8743) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 101044
    published 2017-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101044
    title Tenable SecurityCenter Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (TNS-2017-04) (httpoxy)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_862D6AB3C75E11E69F9820CF30E32F6D.NASL
    description Apache Software Foundation reports : Please reference CVE/URL list for details
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 96037
    published 2016-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96037
    title FreeBSD : Apache httpd -- several vulnerabilities (862d6ab3-c75e-11e6-9f98-20cf30e32f6d) (httpoxy)
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_10_12_4.NASL
    description The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 99134
    published 2017-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99134
    title macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2017-004.NASL
    description The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - 802.1X - apache - AppleScript - ATS - Audio - CFString - CoreText - curl - Dictionary Widget - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - ImageIO - Kernel - libarchive - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - Sandbox - StreamingZip - tcpdump - Wi-Fi
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 104379
    published 2017-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104379
    title macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)
  • NASL family Web Servers
    NASL id APACHE_2_4_25.NASL
    description According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.25. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the mod_session_crypto module due to encryption for data and cookies using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default). An unauthenticated, remote attacker can exploit this, via a padding oracle attack, to decrypt information without knowledge of the encryption key, resulting in the disclosure of potentially sensitive information. (CVE-2016-0736) - A denial of service vulnerability exists in the mod_auth_digest module during client entry allocation. An unauthenticated, remote attacker can exploit this, via specially crafted input, to exhaust shared memory resources, resulting in a server crash. (CVE-2016-2161) - The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure to properly resolve namespace conflicts in accordance with RFC 3875 section 4.1.18. The HTTP_PROXY environment variable is set based on untrusted user data in the 'Proxy' header of HTTP requests. The HTTP_PROXY environment variable is used by some web client libraries to specify a remote proxy server. An unauthenticated, remote attacker can exploit this, via a crafted 'Proxy' header in an HTTP request, to redirect an application's internal HTTP traffic to an arbitrary proxy server where it may be observed or manipulated. (CVE-2016-5387) - A denial of service vulnerability exists in the mod_http2 module due to improper handling of the LimitRequestFields directive. An unauthenticated, remote attacker can exploit this, via specially crafted CONTINUATION frames in an HTTP/2 request, to inject unlimited request headers into the server, resulting in the exhaustion of memory resources. (CVE-2016-8740) - A flaw exists due to improper handling of whitespace patterns in user-agent headers. An unauthenticated, remote attacker can exploit this, via a specially crafted user-agent header, to cause the program to incorrectly process sequences of requests, resulting in interpreting responses incorrectly, polluting the cache, or disclosing the content from one request to a second downstream user-agent. (CVE-2016-8743) - A CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir (CVE-2016-4975) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-02-08
    plugin id 96451
    published 2017-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96451
    title Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1414.NASL
    description An update is now available for Red Hat JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736) * It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161) * A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-7056) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610) * It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743) * A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 117316
    published 2018-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117316
    title RHEL 6 : JBoss Core Services (RHSA-2017:1414)
redhat via4
advisories
  • rhsa
    id RHSA-2017:1161
  • rhsa
    id RHSA-2017:1413
  • rhsa
    id RHSA-2017:1414
  • rhsa
    id RHSA-2017:1415
refmap via4
bid 94650
confirm
exploit-db 40909
gentoo GLSA-201701-36
misc http://packetstormsecurity.com/files/140023/Apache-HTTPD-Web-Server-2.4.23-Memory-Exhaustion.html
sectrack 1037388
Last major update 09-05-2017 - 21:29
Published 05-12-2016 - 14:59
Last modified 24-04-2018 - 21:29
Back to Top